Skip to main content
CVE-2014-9567 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE PHP Code Injection File Upload Projectsend
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.9%
Threat
5.5
CVE-2014-3779 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9569 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS SAP Netweaver Business Client For Html
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0361 HIGH PATCH This Week

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-4636 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Documentum Wdk
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4637 MEDIUM This Month

Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Documentum Wdk
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-9221 MEDIUM This Month

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Strongswan Opensuse Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
6.9%
CVE-2014-9493 MEDIUM PATCH This Month

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file:. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openstack Image Registry And Delivery Service Glance
NVD
CVSS 2.0
5.5
EPSS
0.8%
CVE-2014-4639 MEDIUM This Month

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Documentum Wdk
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4638 MEDIUM This Month

EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Documentum Wdk
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8993 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4635 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Documentum Wdk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1425 LOW Monitor

cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cgmanager Ubuntu Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy