Skip to main content
CVE-2014-3996 HIGH POC THREAT Act Now

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.2%.

Zoho SQLi It360 Password Manager Pro Desktop Central
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
71.2%
Threat
5.1
CVE-2014-8877 CRITICAL POC THREAT Emergency

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 30.1%.

RCE WordPress PHP Code Injection Cm Download Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
30.1%
Threat
4.4
CVE-2014-9144 HIGH POC This Week

Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Td5130 Router Firmware
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
8.9%
CVE-2014-8990 HIGH POC PATCH This Week

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Debian Linux Fedora Lsyncd
NVD GitHub
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-9215 HIGH POC This Week

SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pbboard
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.4%
CVE-2014-3997 HIGH POC This Week

SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SQLi Manageengine Password Manager Pro Manageengine It360
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-2273 HIGH POC This Week

The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Huawei P2 6011 Firmware
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-9129 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Cm Download Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-6040 MEDIUM POC PATCH This Month

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Glibc
NVD
CVSS 2.0
5.0
EPSS
7.2%
CVE-2014-9140 MEDIUM POC PATCH This Month

Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Tcpdump
NVD GitHub
CVSS 2.0
5.0
EPSS
5.5%
CVE-2014-9292 MEDIUM POC This Month

Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP SSRF Jrss Widget
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-6656 MEDIUM POC This Month

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Ubuntu Linux Glibc
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-8123 MEDIUM POC This Month

Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Antiword
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-9143 MEDIUM POC This Month

Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Td5130 Router Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.6%
CVE-2014-9142 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Td5130 Router Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-8800 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Nextend Facebook Connect
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.1%
CVE-2014-7258 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Clip Board
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9212 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Altitude Unified Customer Interaction
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7256 HIGH This Week

The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Seil Plus Firmware Seil Plus Seil B1 Firmware Seil X1 Firmware +4
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-7255 HIGH This Week

Internet Initiative Japan Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Seil B1 Firmware Seil X2 Firmware Seil X1 Firmware Seil X86 Fuji Firmware
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2014-7253 HIGH This Week

FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Google Arrows Kiss F 03D Arrows Tab Lte F 01D F 12C +1
NVD
CVSS 2.0
7.2
EPSS
0.3%
CVE-2014-4703 LOW POC PATCH Monitor

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.3%
CVE-2014-4701 LOW POC PATCH Monitor

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-3627 MEDIUM PATCH This Month

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Apache Hadoop
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-7243 MEDIUM This Month

LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure L 04D L 09C L 03E
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7259 MEDIUM This Month

SQUARE ENIX Co., Ltd. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Kaku San Sei Million Aruthur
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7252 MEDIUM This Month

Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Disney Mobile Arrows Tab Lte F 01D Softbank 102Sh Regza Phone T 01D +2
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-7254 MEDIUM This Month

Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Arrows Me F 11D
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4702 LOW PATCH Monitor

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nagios
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3561 LOW Monitor

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure PostgreSQL Enterprise Virtualization
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy