Skip to main content
CVE-2014-8998 MEDIUM POC THREAT This Month

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 66.0%.

RCE PHP Code Injection X7 Chat
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
66.0%
Threat
4.8
CVE-2014-8768 MEDIUM POC THREAT This Month

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

Integer Overflow Denial Of Service Opensuse Ubuntu Linux Solaris +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
28.3%
CVE-2014-9000 MEDIUM POC THREAT This Month

Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

RCE Privilege Escalation Mule Enterprise Management Console
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
15.1%
CVE-2014-8493 MEDIUM POC THREAT This Month

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

Privilege Escalation Zte Zxhn H108L Firmware
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
17.7%
CVE-2014-9001 MEDIUM POC This Month

reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Incredible Pbx 11
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
6.2%
CVE-2014-8769 MEDIUM POC This Month

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Tcpdump
NVD
CVSS 2.0
6.4
EPSS
3.1%
CVE-2014-9019 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Zte Zxdsl
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9003 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Xprintserver
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9027 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxdsl 831Cii
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8999 MEDIUM POC This Month

SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Xoops
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-8767 MEDIUM POC This Month

Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpdump
NVD
CVSS 2.0
5.0
EPSS
6.5%
CVE-2014-8995 MEDIUM POC This Month

SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Letterbox
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-9006 MEDIUM POC This Month

Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Monstra
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3625 MEDIUM PATCH This Month

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0%.

Path Traversal Java Spring Framework
NVD
CVSS 2.0
5.0
EPSS
17.0%
CVE-2014-9004 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Vldpersonals
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-9020 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zte Zxdsl 831 Zxdsl 831Cii
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8996 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Nibbleblog
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9021 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zte Zxdsl 831
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9022 MEDIUM PATCH This Month

The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Web Component Roles
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2014-9023 MEDIUM This Month

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Twilio
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-9025 MEDIUM This Month

The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Commerce
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-9026 MEDIUM PATCH This Month

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Ubercart
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy