Skip to main content
CVE-2014-8791 MEDIUM POC THREAT This Month

project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 52.4%.

RCE PHP Code Injection Tuleap
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
52.4%
Threat
4.3
CVE-2014-5284 HIGH POC PATCH This Week

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Ossec
NVD Exploit-DB GitHub
CVSS 2.0
7.2
EPSS
9.7%
CVE-2014-9175 HIGH POC This Week

SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-9181 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Path Traversal Media Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-9173 HIGH POC This Week

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Google Google Doc Embedder
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-9178 HIGH POC This Week

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Sp Project Document Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-8728 HIGH POC This Week

SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Roc Fraud Management System
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-9113 HIGH POC This Week

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Prosystem Fx Engagement
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.5%
CVE-2014-9183 CRITICAL Act Now

ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxdsl
NVD
CVSS 2.0
10.0
EPSS
5.2%
CVE-2014-9180 MEDIUM POC This Month

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Eleanor Cms
NVD
CVSS 2.0
5.0
EPSS
8.4%
CVE-2014-9184 MEDIUM POC This Month

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxdsl
NVD
CVSS 2.0
5.0
EPSS
6.9%
CVE-2014-9116 MEDIUM POC This Month

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Linux Enterprise Desktop Suse Linux Enterprise Server Mutt +2
NVD
CVSS 2.0
5.0
EPSS
3.5%
CVE-2014-9112 MEDIUM POC This Month

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Cpio Debian Linux
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-9177 MEDIUM POC PATCH This Month

The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Information Disclosure Html5 Mp3 Player With Playlist Free
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8874 MEDIUM POC This Month

The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ke Questionnaire
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-9182 MEDIUM POC This Month

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Anchor Cms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9176 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Sexy Squeeze Pages
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9179 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)". Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Supportezzy Ticket System
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3065 MEDIUM This Month

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8. Rated medium severity (CVSS 6.9). No vendor patch available.

IBM Java RCE Code Injection
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-8789 MEDIUM This Month

GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Filevista
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-3068 MEDIUM This Month

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-8754 MEDIUM This Month

Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP Open Redirect Ad Manager
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-3703 MEDIUM This Month

OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Packstack
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-9174 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Google Google Analytics
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8788 MEDIUM This Month

GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filevista
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-6494 LOW PATCH Monitor

fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Fedup
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy