Skip to main content
CVE-2014-4880 HIGH POC THREAT Act Now

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%.

Hikvision RCE Buffer Overflow Dvr Ds 7204 Firmware
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.6%
Threat
5.4
CVE-2014-9130 MEDIUM POC THREAT This Month

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.3%.

Denial Of Service Libyaml
NVD
CVSS 2.0
5.0
EPSS
55.3%
Threat
4.2
CVE-2014-9029 HIGH Act Now

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 32.6% and no vendor patch available.

RCE Buffer Overflow Jasper
NVD
CVSS 2.0
7.5
EPSS
32.6%
CVE-2014-9265 MEDIUM POC This Month

Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Samsung Buffer Overflow Smartviewer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.6%
CVE-2014-9218 MEDIUM POC PATCH THREAT This Month

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service PHP Phpmyadmin
NVD Exploit-DB GitHub
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-9280 HIGH POC PATCH This Week

The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection Mantisbt
NVD GitHub
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-9348 HIGH POC This Week

SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Robotstats
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-9345 HIGH POC This Week

SQL injection vulnerability in Guruperl.net Advertise With Pleasure!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Advertise With Pleasure
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-1693 HIGH POC This Week

Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Erlang Otp
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-9350 MEDIUM POC THREAT This Month

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service TP-Link Tl Wr740N Firmware Tl Wr740N
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.0%
CVE-2014-9347 HIGH POC This Week

SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpmyrecipes
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-9305 MEDIUM POC PATCH This Month

SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Cart66 Lite
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.7%
CVE-2014-9344 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Snowfox Content Management System
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-2810 CRITICAL Act Now

Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dl 8000 Remote Terminal Unit Firmware Dl 8000 Remote Terminal Unit Roc 800L Remote Terminal Unit Firmware Roc 800L Remote Terminal Unit +2
NVD
CVSS 2.0
10.0
EPSS
3.0%
CVE-2014-5462 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Openemr
NVD GitHub Exploit-DB
CVSS 2.0
6.5
EPSS
0.1%
CVE-2014-9343 MEDIUM POC PATCH This Month

Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Open Redirect Snowfox Content Management System
NVD GitHub
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-9217 MEDIUM POC This Month

Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Graylog2
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9349 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Robotstats
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-9273 MEDIUM POC PATCH This Month

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Buffer Overflow Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +3
NVD GitHub
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-9219 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-8600 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kwebkitpart Kde Runtime Kio Extras Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9263 MEDIUM This Month

Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow 3S Pocketnet Tech Video Management Software
NVD
CVSS 2.0
6.8
EPSS
7.0%
CVE-2014-9267 MEDIUM This Month

Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Isoview
NVD
CVSS 2.0
6.8
EPSS
4.0%
CVE-2014-9266 MEDIUM This Month

The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Code Injection Smart Viewer
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-9268 MEDIUM PATCH This Month

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Design Review
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-4631 MEDIUM This Month

RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rsa Adaptive Authentication On Premise
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-9279 MEDIUM PATCH This Month

The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3616 MEDIUM This Month

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Nginx Information Disclosure Debian Linux
NVD
CVSS 2.0
4.3
EPSS
2.4%
CVE-2014-8106 MEDIUM This Month

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-9270 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mantisbt
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3797 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9342 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Big Ip
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8371 MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-9346 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Hierarchical Select
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy