Skip to main content
CVE-2014-7141 MEDIUM PATCH This Month

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 77.3%.

Denial Of Service Buffer Overflow Squid
NVD
CVSS 2.0
6.4
EPSS
77.3%
CVE-2014-7142 MEDIUM This Month

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.2% and no vendor patch available.

Denial Of Service Solaris Ubuntu Linux Squid
NVD
CVSS 2.0
6.4
EPSS
64.2%
CVE-2014-9028 HIGH Act Now

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.7% and no vendor patch available.

RCE Buffer Overflow Libflac
NVD
CVSS 2.0
7.5
EPSS
25.7%
CVE-2014-9097 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Contus Video Gallery
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.5%
CVE-2014-9095 HIGH POC This Week

Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Power Iq
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-9096 HIGH POC This Week

Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pligg Cms
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-9101 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Skadate Lite Oxwall
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.8%
CVE-2014-7247 CRITICAL PATCH Act Now

Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Ichitaro Ichitaro Pro
NVD
CVSS 2.0
10.0
EPSS
6.0%
CVE-2014-8551 CRITICAL Act Now

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Siemens Simatic Pcs 7 Simatic Pcs7 +2
NVD
CVSS 2.0
10.0
EPSS
5.8%
CVE-2014-9104 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Openvpn Access Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9099 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Whydowork Adsense
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9102 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Kunena
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-8962 HIGH Act Now

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.7% and no vendor patch available.

RCE Buffer Overflow Libflac
NVD
CVSS 2.0
7.5
EPSS
14.7%
CVE-2014-9094 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Video Gallery
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.2%
CVE-2014-9103 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kunena
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9100 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Whydowork Adsense
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9093 HIGH This Week

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Libreoffice Fedora Ubuntu Linux +1
NVD
CVSS 2.0
7.5
EPSS
3.3%
CVE-2014-9098 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Contus Video Gallery
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-8419 HIGH This Week

Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Codemeter Runtime
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-2037 MEDIUM This Month

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8005 MEDIUM This Month

Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Apple Denial Of Service Cisco Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8552 MEDIUM This Month

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs 7 Simatic Pcs7 Simatic Tiaportal +1
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-6196 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Web Experience Factory
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6610 MEDIUM PATCH This Month

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Certified Asterisk Asterisk
NVD
CVSS 2.0
4.0
EPSS
1.5%
CVE-2014-6609 MEDIUM PATCH This Month

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Asterisk
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2014-6093 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 2.0
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy