Skip to main content
CVE-2014-9456 CRITICAL POC THREAT Emergency

Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.3%.

Buffer Overflow Notepad
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
26.3%
Threat
4.3
CVE-2014-9448 HIGH POC This Week

Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Rm Mp3 Converter
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
8.2%
CVE-2014-9451 HIGH POC This Week

Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Vdg Sense
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2014-9436 MEDIUM POC THREAT This Month

Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

Path Traversal Sysaid
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
14.5%
CVE-2014-9440 HIGH POC This Week

SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpmyrecipes
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-9445 HIGH POC This Week

SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP SQLi Gatequest File Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-9455 HIGH POC This Week

SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Classad
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-7418 MEDIUM POC This Month

cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE XSS Ipcop
NVD
CVSS 2.0
6.5
EPSS
3.9%
CVE-2014-9454 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Simple Sticky Footer
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-9435 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Absolut Engine
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-9460 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Wp Vipergb
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9438 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Vbulletin
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9441 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Lightbox Photo Gallery
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9437 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Sliding Social Icons
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9457 MEDIUM POC This Month

SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pmb
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2014-9442 MEDIUM POC PATCH This Month

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Cart66 Lite
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-9458 CRITICAL Act Now

Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ida
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-9452 MEDIUM POC This Month

Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vdg Sense
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-9444 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Frontend Uploader
NVD
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-9439 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Easy File Sharing Web Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.2%
CVE-2013-7417 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Ipcop
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9428 HIGH PATCH This Week

The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
7.8
EPSS
2.9%
CVE-2014-9446 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Koha
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9453 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Simple Visitor Stat
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9434 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Absolut Engine
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.7%
CVE-2014-9450 HIGH This Week

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Zabbix
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-9461 LOW POC Monitor

Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Cart66 Lite
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-9447 MEDIUM This Month

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a /. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Elfutils
NVD
CVSS 2.0
6.4
EPSS
3.5%
CVE-2014-9459 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP E107
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-7294 MEDIUM This Month

Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Opensso Integration
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-9449 MEDIUM This Month

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Exiv2 Fedora
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-9443 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Relevanssi
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-7293 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opensso Integration
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy