Skip to main content
CVE-2014-8137 MEDIUM This Month

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 31.5% and no vendor patch available.

RCE Denial Of Service Jasper Enterprise Linux
NVD
CVSS 2.0
6.8
EPSS
31.5%
CVE-2014-8810 MEDIUM POC This Month

SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wp Symposium
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.4%
CVE-2014-9414 MEDIUM POC This Month

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP W3 Total Cache
NVD GitHub
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-9413 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Ip Ban
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9334 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Bird Feeder
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9416 MEDIUM POC This Month

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1). Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-8809 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Symposium
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3569 MEDIUM This Month

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
7.6%
CVE-2014-6187 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Websphere Service Registry And Repository
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2014-7994 MEDIUM This Month

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and. Rated medium severity (CVSS 5.4). No vendor patch available.

Cisco Information Disclosure Meraki Mr Firmware Meraki Mr Meraki Mx Firmware +3
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6153 MEDIUM This Month

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Service Registry And Repository
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-6179 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6186 MEDIUM This Month

IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-6155 MEDIUM This Month

Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-6177 MEDIUM This Month

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-6181 MEDIUM This Month

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy