Skip to main content
CVE-2014-1905 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Command Injection WordPress PHP File Upload Videowhisper Live Streaming Integration
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
18.0%
Threat
4.0
CVE-2014-3556 MEDIUM PATCH This Month

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 48.2%.

Nginx Command Injection
NVD
CVSS 2.0
6.8
EPSS
48.2%
CVE-2014-1908 MEDIUM POC This Month

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Videowhisper Live Streaming Integration
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.4%
CVE-2014-9424 HIGH This Week

Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libressl
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-8109 MEDIUM PATCH This Month

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.7%.

Apache Authentication Bypass Http Server Ubuntu Linux Fedora +2
NVD GitHub
CVSS 2.0
4.3
EPSS
11.7%
CVE-2014-6168 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Security Identity Manager
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-8132 MEDIUM PATCH This Month

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libssh Debian Linux Opensuse Fedora +1
NVD
CVSS 2.0
5.0
EPSS
3.3%
CVE-2014-2224 MEDIUM This Month

Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Plogger
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6160 LOW Monitor

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Google Websphere Service Registry And Repository Chrome
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-6123 LOW Monitor

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Appscan Source Security Appscan Source
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy