Skip to main content
CVE-2014-8517 HIGH POC PATCH THREAT Act Now

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.0%.

Command Injection Mac Os X Netbsd
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
85.0%
Threat
5.5
CVE-2014-8499 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.9%.

Zoho SQLi Password Manager Pro
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
74.9%
Threat
5.0
CVE-2012-1669 MEDIUM POC THREAT This Month

Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 20.1%.

Path Traversal PHP Phpmoneybooks
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
20.1%
CVE-2014-8596 HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.2%
CVE-2014-8498 MEDIUM POC This Month

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SQLi Manageengine Password Manager Pro
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.6%
CVE-2014-8953 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Php Scriptlerim Who S Who
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8727 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Big Ip Local Traffic Manager
NVD Exploit-DB
CVSS 2.0
6.2
EPSS
0.2%
CVE-2012-6665 MEDIUM POC This Month

Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal PHP Phpmoneybooks
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.4%
CVE-2014-8954 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phpsound
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-8955 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Clean And Simple Contact Form
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5277 MEDIUM PATCH This Month

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Information Disclosure Docker Py
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3629 MEDIUM This Month

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XXE Microsoft Qpid
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2014-8732 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phpmemcachedadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0059 LOW Monitor

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy