Skip to main content
CVE-2014-9157 HIGH POC PATCH This Week

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Graphviz
NVD GitHub
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-9240 HIGH POC PATCH This Week

SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Mybb
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2013-7416 HIGH POC PATCH This Week

canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Canto Curses
NVD GitHub
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-9237 HIGH POC This Week

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Proticaret
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-9242 HIGH POC This Week

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Websitebaker
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-9239 HIGH POC PATCH This Week

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Invision Power Board
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-9141 HIGH POC This Week

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Fixed Assets Cs
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.3%
CVE-2014-9220 HIGH PATCH This Week

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fedora Openvas Manager Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy