Skip to main content
CVE-2014-9157 HIGH POC PATCH This Week

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Graphviz
NVD GitHub
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-9240 HIGH POC PATCH This Week

SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Mybb
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2013-7416 HIGH POC PATCH This Week

canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Canto Curses
NVD GitHub
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-9237 HIGH POC This Week

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Proticaret
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-9242 HIGH POC This Week

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Websitebaker
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-9239 HIGH POC PATCH This Week

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Invision Power Board
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8775 MEDIUM POC THREAT This Month

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

Information Disclosure Modx Revolution
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.1%
CVE-2014-9141 HIGH POC This Week

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Fixed Assets Cs
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.3%
CVE-2014-8773 MEDIUM POC This Month

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Modx Revolution
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8771 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF X3 Cms
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9134 CRITICAL Act Now

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Huawei File Upload Honor Cube Wireless Router Ws860S Firewall Honor Cube Wireless Router Ws860S
NVD
CVSS 2.0
10.0
EPSS
3.8%
CVE-2014-9235 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoph
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2014-9018 MEDIUM POC This Month

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecast
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-9238 MEDIUM POC This Month

D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-9234 MEDIUM POC This Month

Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-9241 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mybb
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-8774 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Modx Revolution
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-9243 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Websitebaker
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9236 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Zoph
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3988 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Kcfinder
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9220 HIGH PATCH This Week

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fedora Openvas Manager Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8772 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS X3 Cms
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-8104 MEDIUM This Month

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mageia Debian Linux Opensuse Openvpn +2
NVD
CVSS 2.0
6.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy