Skip to main content
CVE-2014-2268 MEDIUM POC THREAT This Month

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.3%.

PHP Privilege Escalation Vtiger Crm
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
77.3%
Threat
4.8
CVE-2014-8949 MEDIUM POC THREAT This Month

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.4%.

RCE WordPress Code Injection Imember360
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
10.4%
CVE-2013-0347 HIGH POC This Week

The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webfs
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-8948 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress Imember360
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-0233 MEDIUM POC This Month

Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Red Hat Openshift
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-3248 MEDIUM POC PATCH This Month

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before. Rated medium severity (CVSS 6.2). Public exploit code available.

Information Disclosure Facter Marionette Collective Hiera Puppet +1
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2014-3755 MEDIUM POC This Month

The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mumble
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-0250 HIGH This Week

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Opensuse
NVD GitHub
CVSS 2.0
7.5
EPSS
3.1%
CVE-2014-8952 HIGH This Week

Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Checkpoint Denial Of Service Security Gateway
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-8951 HIGH This Week

Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Checkpoint Denial Of Service Security Gateway
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-8950 HIGH This Week

Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Checkpoint Denial Of Service Security Gateway
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-2682 MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

XXE Zendrest Zend Framework Zendservice Slideshare Zendservice Api +6
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-2681 MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Zendrest Zend Framework Zendservice Slideshare +7
NVD
CVSS 2.0
6.4
EPSS
3.0%
CVE-2014-2684 MEDIUM This Month

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zendopenid Zend Framework
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2012-2301 MEDIUM PATCH This Month

The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Ubercart
NVD
CVSS 2.0
6.0
EPSS
0.9%
CVE-2014-2683 MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Zendrest Zend Framework Zendservice Slideshare Zendservice Api +6
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2014-3756 MEDIUM This Month

The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mumble
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-3916 MEDIUM This Month

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Rails
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-3737 MEDIUM PATCH This Month

The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Apache Request Tracker
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0228 LOW PATCH Monitor

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Apache Authentication Bypass Hive
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-2667 LOW Monitor

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file. Rated low severity (CVSS 3.3). No vendor patch available.

Race Condition Python Authentication Bypass
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3209 LOW Monitor

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ldns
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy