Skip to main content
CVE-2014-9130 MEDIUM POC THREAT This Month

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.3%.

Denial Of Service Libyaml
NVD
CVSS 2.0
5.0
EPSS
55.3%
Threat
4.2
CVE-2014-9265 MEDIUM POC This Month

Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Samsung Buffer Overflow Smartviewer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.6%
CVE-2014-9218 MEDIUM POC PATCH THREAT This Month

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service PHP Phpmyadmin
NVD Exploit-DB GitHub
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-9350 MEDIUM POC THREAT This Month

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service TP-Link Tl Wr740N Firmware Tl Wr740N
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.0%
CVE-2014-9305 MEDIUM POC PATCH This Month

SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Cart66 Lite
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.7%
CVE-2014-9344 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Snowfox Content Management System
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-5462 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Openemr
NVD GitHub Exploit-DB
CVSS 2.0
6.5
EPSS
0.1%
CVE-2014-9343 MEDIUM POC PATCH This Month

Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Open Redirect Snowfox Content Management System
NVD GitHub
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-9217 MEDIUM POC This Month

Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Graylog2
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9349 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Robotstats
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-9273 MEDIUM POC PATCH This Month

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Buffer Overflow Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +3
NVD GitHub
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-9219 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-8600 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kwebkitpart Kde Runtime Kio Extras Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9263 MEDIUM This Month

Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow 3S Pocketnet Tech Video Management Software
NVD
CVSS 2.0
6.8
EPSS
7.0%
CVE-2014-9267 MEDIUM This Month

Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Isoview
NVD
CVSS 2.0
6.8
EPSS
4.0%
CVE-2014-9266 MEDIUM This Month

The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Code Injection Smart Viewer
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-9268 MEDIUM PATCH This Month

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Design Review
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-4631 MEDIUM This Month

RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rsa Adaptive Authentication On Premise
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-9279 MEDIUM PATCH This Month

The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3616 MEDIUM This Month

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Nginx Information Disclosure Debian Linux
NVD
CVSS 2.0
4.3
EPSS
2.4%
CVE-2014-8106 MEDIUM This Month

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Qemu
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-9270 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mantisbt
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3797 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9342 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Big Ip
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8371 MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy