Skip to main content
CVE-2014-7285 MEDIUM POC THREAT This Month

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.0%.

Command Injection PHP Web Gateway
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
74.0%
Threat
5.0
CVE-2014-8117 MEDIUM PATCH This Month

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.5%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
16.5%
CVE-2014-8116 MEDIUM PATCH This Month

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
15.9%
CVE-2014-5437 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF PHP Touchstone Tg862G Ct Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4844 MEDIUM This Month

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-7402 MEDIUM This Month

Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service C Icap
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-7880 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Denial Of Service Tcp Ip Services Openvms
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-8553 MEDIUM This Month

The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-9388 MEDIUM This Month

bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Mantisbt
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9253 MEDIUM PATCH This Month

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Dokuwiki Mageia
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-8006 MEDIUM This Month

The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Isb8320 E High Definition Ip Only Dvr
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-6182 MEDIUM PATCH This Month

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy