Skip to main content
CVE-2014-8799 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.1%.

Path Traversal WordPress PHP Dukapress
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
91.1%
Threat
5.2
CVE-2014-8801 MEDIUM POC THREAT This Month

Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.5%.

Path Traversal WordPress PHP Paid Memberships Pro
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
30.5%
CVE-2014-8429 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Xepan Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-4829 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Qradar Vulnerability Manager Qradar Security Information And Event Manager +1
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4831 MEDIUM PATCH This Month

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Qradar Risk Manager Qradar Vulnerability Manager
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-3407 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6075 MEDIUM PATCH This Month

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Risk Manager Qradar Vulnerability Manager Qradar Security Information And Event Manager
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-7850 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Freeipa
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4832 MEDIUM PATCH This Month

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Risk Manager Qradar Vulnerability Manager Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4883 MEDIUM PATCH This Month

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Lwip
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy