Skip to main content
CVE-2014-8272 MEDIUM POC THREAT This Month

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%.

Information Disclosure Dell Idrac6 Modular Idrac7 Ipmi +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
59.6%
Threat
4.3
CVE-2014-6395 HIGH POC THREAT Act Now

Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.6%.

Denial Of Service RCE Buffer Overflow Ettercap
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
26.6%
CVE-2014-9258 MEDIUM POC PATCH This Month

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Glpi
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
9.1%
CVE-2014-7249 CRITICAL Act Now

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Centrecom Ar415S Firmware Centrecom Ar415S At 8624T 2M Firmware +45
NVD
CVSS 2.0
10.0
EPSS
8.4%
CVE-2014-7208 HIGH POC This Week

GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gparted
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.5%
CVE-2014-9368 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Twitterdash
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9341 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Yurl Retwitt
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9340 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Wpcommenttwit
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9339 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Spnbabble
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9338 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP O2Tweet
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9337 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Mikiurl Wordpress Eklentisi
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9336 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Itwitter
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9335 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Dandyid Services
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9185 MEDIUM POC This Month

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Morfy Cms
NVD GitHub
CVSS 2.0
6.5
EPSS
0.6%
CVE-2013-7401 MEDIUM POC This Month

The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow C Icap
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-9408 MEDIUM POC This Month

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Activator Real Time Location System Controller B4 Staff Badge Tag Firmware B4 Staff Badge Tag
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-5213 MEDIUM POC This Month

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edirectory
NVD
CVSS 2.0
4.0
EPSS
2.1%
CVE-2014-8724 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress W3 Total Cache
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-8793 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Revive Adserver
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9376 HIGH This Week

Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ettercap
NVD GitHub
CVSS 2.0
7.5
EPSS
3.1%
CVE-2014-6396 HIGH This Week

The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ettercap
NVD GitHub
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-9379 HIGH This Week

The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ettercap
NVD GitHub
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-9377 HIGH This Week

Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ettercap
NVD GitHub
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-9378 HIGH This Week

Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Ettercap
NVD GitHub
CVSS 2.0
7.5
EPSS
2.7%
CVE-2014-7241 MEDIUM This Month

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Java Tsutaya
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-5212 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.7% and no vendor patch available.

XSS Edirectory
NVD
CVSS 2.0
4.3
EPSS
12.7%
CVE-2014-9407 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF PHP Revive Adserver
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9324 MEDIUM This Month

The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Otrs Help Desk
NVD
CVSS 2.0
6.0
EPSS
1.0%
CVE-2014-8135 LOW POC Monitor

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-9381 MEDIUM PATCH This Month

Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ettercap
NVD GitHub
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-9380 MEDIUM This Month

The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ettercap
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8875 MEDIUM PATCH This Month

The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service PHP Revive Adserver
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4442 MEDIUM PATCH This Month

Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Pwgen
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4440 MEDIUM PATCH This Month

Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Pwgen
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8016 MEDIUM This Month

The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ironport Email Security Appliances
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-6193 MEDIUM PATCH This Month

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

IBM Code Injection Websphere Portal
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-7268 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Atlassian Wbs Gantt Chart
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2716 MEDIUM This Month

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Real Time Location System Controller Activator B4 Staff Badge Tag Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2026 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Intrexx
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6171 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8902 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9135 MEDIUM This Month

The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Huawei P7 L10 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9403 MEDIUM This Month

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Znc
NVD GitHub
CVSS 2.0
4.0
EPSS
1.1%
CVE-2014-9355 MEDIUM This Month

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-6173 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7267 LOW Monitor

Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Atlassian Wbs Gantt Chart
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4801 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Quality Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-8136 LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia Libvirt Ubuntu Linux +5
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy