Skip to main content
CVE-2014-8770 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

RCE Code Injection File Upload PHP Adobe +1
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
13.2%
CVE-2014-8554 HIGH POC This Week

SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Mantisbt
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-8359 HIGH POC This Week

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Huawei Microsoft Mobile Partner Firmware +3
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.1%
CVE-2014-8557 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Channel Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3674 HIGH This Week

Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8564 MEDIUM PATCH This Month

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-7823 MEDIUM PATCH This Month

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Libvirt
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8476 LOW Monitor

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3602 LOW Monitor

Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openshift
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy