Skip to main content
CVE-2014-7228 HIGH POC Act Now

Akeeba Restore (restore.php), as used in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Joomla
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
6.1%
CVE-2014-8350 HIGH POC PATCH This Week

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection Smarty
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-5507 HIGH POC This Week

iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ibackup
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.1%
CVE-2014-5271 HIGH Act Now

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ffmpeg Libav
NVD
CVSS 2.0
7.5
EPSS
17.2%
CVE-2014-0490 HIGH PATCH This Week

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0489 HIGH PATCH This Week

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0487 HIGH PATCH This Week

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy