Skip to main content
CVE-2014-4936 CRITICAL POC THREAT Emergency

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.9%.

RCE Malwarebytes Anti Exploit Malwarebytes Anti Malware
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
18.9%
CVE-2014-9357 CRITICAL PATCH Act Now

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.2%.

Docker RCE Privilege Escalation
NVD
CVSS 2.0
10.0
EPSS
36.2%
CVE-2014-8118 CRITICAL Act Now

Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available.

RCE Buffer Overflow Rpm
NVD
CVSS 2.0
10.0
EPSS
11.8%
CVE-2014-9371 CRITICAL Act Now

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Zoho RCE Manageengine Desktop Central
NVD
CVSS 2.0
10.0
EPSS
10.2%
CVE-2014-5359 HIGH POC This Week

Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Safenet Authentication Service Outlook Web Access Agent
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-8340 HIGH POC This Week

SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phptraffica
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-9373 CRITICAL Act Now

Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Zoho Netflow Analyzer
NVD
CVSS 2.0
10.0
EPSS
6.8%
CVE-2014-9323 MEDIUM POC This Month

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Firebird Evergreen Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2013-6435 HIGH This Week

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Rpm Debian Linux
NVD
CVSS 2.0
7.6
EPSS
5.1%
CVE-2014-9057 HIGH This Week

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Debian Linux Movable Type
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8583 MEDIUM PATCH This Month

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via. Rated medium severity (CVSS 6.9).

Information Disclosure Apache Mod Wsgi
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-8246 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Release Automation
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-9372 MEDIUM This Month

Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Password Manager Pro
NVD
CVSS 2.0
6.4
EPSS
1.6%
CVE-2014-8248 MEDIUM This Month

SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Release Automation
NVD
CVSS 2.0
6.5
EPSS
1.1%
CVE-2014-9358 MEDIUM PATCH This Month

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Docker Path Traversal
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-8964 MEDIUM This Month

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pcre MariaDB Fedora +8
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-8247 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Release Automation
NVD
CVSS 2.0
4.3
EPSS
4.5%
CVE-2014-6176 MEDIUM This Month

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Business Process Manager Websphere Enterprise Service Bus Websphere Process Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5466 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Splunk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8751 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Webpress
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5353 LOW PATCH Monitor

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Enterprise Linux Desktop Enterprise Linux Eus +9
NVD GitHub
CVSS 2.0
3.5
EPSS
0.7%
CVE-2014-5354 LOW Monitor

plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Kerberos Kerberos 5
NVD GitHub
CVSS 2.0
3.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy