Skip to main content
CVE-2014-7176 MEDIUM POC THREAT This Month

SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.8%.

SQLi Tuleap
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
13.8%
CVE-2013-7057 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Securetransport
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-8473 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cloud Service Management
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4311 MEDIUM POC This Month

Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Epicor Enterprise
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-5387 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[]. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Expressionengine
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-8591 MEDIUM POC This Month

Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-8585 MEDIUM POC This Month

Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Download Manager
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-0223 MEDIUM POC PATCH This Month

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Server Qemu
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-8593 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Allomani Weblinks
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3461 MEDIUM This Month

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-8472 MEDIUM PATCH This Month

CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Cloud Service Management
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3660 MEDIUM PATCH This Month

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libxml2 Mac Os X Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
4.3%
CVE-2014-6130 MEDIUM This Month

The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Google Information Disclosure Notes Traveler
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2014-8592 MEDIUM This Month

Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-8589 MEDIUM This Month

Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Network Interface Router
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8590 MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java Netweaver Java Application Server
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-8584 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Web Dorado Spider Video Player
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-8471 MEDIUM PATCH This Month

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Cloud Service Management
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy