Skip to main content
CVE-2014-8799 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.1%.

Path Traversal WordPress PHP Dukapress
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
91.1%
Threat
5.2
CVE-2014-8424 HIGH POC THREAT Act Now

ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.5%.

Authentication Bypass Vap2500 Firmware
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
53.5%
Threat
4.7
CVE-2014-8423 CRITICAL POC THREAT Emergency

Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 41.7%.

Information Disclosure Vap2500 Firmware
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
41.7%
Threat
4.8
CVE-2014-7178 CRITICAL POC THREAT Emergency

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.4%.

PHP Information Disclosure Tuleap
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
10.4%
CVE-2014-8801 MEDIUM POC THREAT This Month

Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.5%.

Path Traversal WordPress PHP Paid Memberships Pro
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
30.5%
CVE-2014-8425 HIGH POC THREAT Act Now

The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Information Disclosure Vap2500 Firmware
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
12.5%
CVE-2014-9089 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Debian Linux Mantisbt
NVD GitHub
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-8429 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Xepan Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-4829 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Qradar Vulnerability Manager Qradar Security Information And Event Manager +1
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4831 MEDIUM PATCH This Month

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Qradar Risk Manager Qradar Vulnerability Manager
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-3407 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6075 MEDIUM PATCH This Month

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Risk Manager Qradar Vulnerability Manager Qradar Security Information And Event Manager
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-7850 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Freeipa
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4832 MEDIUM PATCH This Month

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Risk Manager Qradar Vulnerability Manager Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4883 MEDIUM PATCH This Month

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Lwip
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-8994 LOW Monitor

The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Check Diskio
NVD
CVSS 2.0
3.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy