Skip to main content
CVE-2014-9277 HIGH POC PATCH This Week

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Mediawiki
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-9509 HIGH POC PATCH This Week

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Typo3
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-2131 MEDIUM POC THREAT This Month

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Denial Of Service Python Rrdtool
NVD GitHub Exploit-DB
CVSS 2.0
5.0
EPSS
12.9%
CVE-2014-9508 MEDIUM POC PATCH This Month

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Typo3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9276 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

XSS CSRF Mediawiki
NVD
CVSS 2.0
5.1
EPSS
0.1%
CVE-2014-9506 LOW Monitor

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mantisbt
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-9507 LOW PATCH Monitor

MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
2.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy