Skip to main content
CVE-2014-8791 MEDIUM POC THREAT This Month

project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 52.4%.

RCE PHP Code Injection Tuleap
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
52.4%
Threat
4.3
CVE-2014-9181 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Path Traversal Media Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-9180 MEDIUM POC This Month

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Eleanor Cms
NVD
CVSS 2.0
5.0
EPSS
8.4%
CVE-2014-9184 MEDIUM POC This Month

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxdsl
NVD
CVSS 2.0
5.0
EPSS
6.9%
CVE-2014-9116 MEDIUM POC This Month

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Linux Enterprise Desktop Suse Linux Enterprise Server Mutt +2
NVD
CVSS 2.0
5.0
EPSS
3.5%
CVE-2014-9112 MEDIUM POC This Month

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Cpio Debian Linux
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-9177 MEDIUM POC PATCH This Month

The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Information Disclosure Html5 Mp3 Player With Playlist Free
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8874 MEDIUM POC This Month

The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ke Questionnaire
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-9182 MEDIUM POC This Month

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Anchor Cms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9176 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Sexy Squeeze Pages
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9179 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)". Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Supportezzy Ticket System
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3065 MEDIUM This Month

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8. Rated medium severity (CVSS 6.9). No vendor patch available.

IBM Java RCE Code Injection
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-8789 MEDIUM This Month

GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Filevista
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-3068 MEDIUM This Month

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-8754 MEDIUM This Month

Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP Open Redirect Ad Manager
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-3703 MEDIUM This Month

OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Packstack
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-9174 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Google Google Analytics
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8788 MEDIUM This Month

GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filevista
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy