Skip to main content
CVE-2014-9119 MEDIUM POC THREAT This Month

Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Path Traversal WordPress PHP Db Backup
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
51.1%
Threat
4.0
CVE-2014-8145 HIGH POC THREAT Act Now

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Buffer Overflow Microsoft Sound Exchange Debian Linux Solaris
NVD
CVSS 2.0
7.5
EPSS
13.0%
CVE-2014-9254 HIGH POC This Week

bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Minibb
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-9392 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Pictobrowser
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9399 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Tweetscribe
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9393 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Post To Twitter
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9391 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Gslideshow
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9431 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Smoothwall
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9401 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Wp Limit Posts Automatically
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9400 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Wp Unique Article Header Image
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9398 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Twitter Liveblog
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9397 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Twimp Wp
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9396 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Simpleflickr
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9395 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Simplelife
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9394 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Pwgrandom
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9425 HIGH Act Now

Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.5% and no vendor patch available.

Denial Of Service PHP Mac Os X
NVD
CVSS 2.0
7.5
EPSS
15.5%
CVE-2014-9432 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Serendipity
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9367 MEDIUM POC This Month

Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Twiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9325 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Twiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9430 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Smoothwall
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9429 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Smoothwall
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9426 HIGH This Week

The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP Buffer Overflow
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2014-8144 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Doorkeeper
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9433 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Contendio
NVD
CVSS 2.0
2.6
EPSS
0.4%
CVE-2014-8752 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Video Niche Script
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy