Skip to main content
CVE-2013-6227 HIGH POC PATCH THREAT Act Now

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

Zoho RCE PHP File Upload Ajaxplorer +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
19.4%
CVE-2014-9188 CRITICAL PATCH Act Now

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.6%.

Command Injection Schneider Electric RCE Buffer Overflow Proclima
NVD
CVSS 2.0
10.0
EPSS
19.6%
CVE-2013-6041 HIGH POC This Week

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Webuzo
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.5%
CVE-2013-6043 MEDIUM POC THREAT This Month

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Information Disclosure Webuzo
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.7%
CVE-2014-8511 CRITICAL Act Now

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow RCE Proclima
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2013-6919 MEDIUM POC PATCH This Month

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Phpthumb
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8514 HIGH PATCH This Week

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Schneider Electric Buffer Overflow RCE Proclima
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2014-8513 HIGH PATCH This Week

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Schneider Electric Buffer Overflow RCE Proclima
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-8512 HIGH PATCH This Week

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Schneider Electric Buffer Overflow RCE Proclima
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-4793 HIGH This Week

The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Umbraco Cms
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0748 HIGH This Week

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cray Linux Environment
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-5958 MEDIUM PATCH This Month

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Symfony
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-6241 MEDIUM This Month

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy