Skip to main content
CVE-2014-5284 HIGH POC PATCH This Week

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Ossec
NVD Exploit-DB GitHub
CVSS 2.0
7.2
EPSS
9.7%
CVE-2014-9175 HIGH POC This Week

SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-9173 HIGH POC This Week

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Google Google Doc Embedder
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-9178 HIGH POC This Week

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Sp Project Document Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-8728 HIGH POC This Week

SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Roc Fraud Management System
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-9113 HIGH POC This Week

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Prosystem Fx Engagement
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy