Skip to main content
CVE-2014-5258 MEDIUM POC THREAT This Month

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.2%.

Path Traversal PHP Webedition Cms
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
81.2%
Threat
4.7
CVE-2014-8656 CRITICAL POC THREAT Emergency

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.

Authentication Bypass Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
15.6%
Threat
4.0
CVE-2014-0995 MEDIUM POC THREAT This Month

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Denial Of Service SAP Netweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
32.6%
CVE-2014-8657 MEDIUM POC THREAT This Month

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.

Denial Of Service Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
20.9%
CVE-2014-8655 MEDIUM POC THREAT This Month

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Privilege Escalation Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.4%
CVE-2014-8669 CRITICAL Act Now

The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Customer Relationship Management
NVD
CVSS 2.0
10.0
EPSS
10.0%
CVE-2014-8351 HIGH POC PATCH This Week

SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Cookieviz
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-8654 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-8661 CRITICAL Act Now

The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Customer Relationship Management Internet Sales
NVD
CVSS 2.0
10.0
EPSS
4.5%
CVE-2014-7959 MEDIUM POC PATCH This Month

SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Bulletproof Security
NVD
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-8653 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.

XSS Firmware Cg6640E Wireless Gateway Ch664Oe Wireless Gateway
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.8%
CVE-2014-6030 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Selectsurvey Net
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2014-8670 MEDIUM POC This Month

Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Vbulletin
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4664 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Wordfence Security Wordfence
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-7958 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Bulletproof Security
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-5451 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Modx Revolution
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5257 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Formalms
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8352 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Cookieviz
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8658 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Refinedwiki Original Theme
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-8662 HIGH This Week

Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Payroll Process
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-8668 HIGH This Week

SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Contract Accounting
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8664 HIGH This Week

SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Environment Health And Safety
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8663 HIGH This Week

SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver Business Warehouse
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-8660 HIGH This Week

SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE SAP Code Injection Document Management Services
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2014-8483 MEDIUM PATCH This Month

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 2.0
5.0
EPSS
3.2%
CVE-2014-8666 MEDIUM This Month

The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Intelligence Development Workbench
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-8665 MEDIUM This Month

The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Intelligence Development Workbench
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-8659 MEDIUM This Month

Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Environment Health And Safety
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-8667 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana Web Based Development Workbench
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-8508 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Avr 3313Ci
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy