Skip to main content
CVE-2015-0016 HIGH POC KEV PATCH THREAT Act Now

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
92.1%
Threat
7.3
CVE-2014-100005 HIGH POC KEV PATCH THREAT Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

PHP D-Link CSRF
NVD VulDB
CVSS 3.1
8.0
EPSS
40.8%
Threat
5.8
CVE-2014-10021 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

RCE WordPress PHP File Upload Wp Symposium
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.5%
Threat
5.4
CVE-2014-10037 HIGH POC THREAT Act Now

Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.4%.

Path Traversal PHP Domphp
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
65.4%
Threat
5.0
CVE-2015-0002 HIGH POC THREAT Act Now

The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +4
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
38.2%
Threat
4.1
CVE-2014-10031 HIGH POC THREAT Act Now

Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.4%.

Qualcomm Buffer Overflow RCE Eudora Worldmail
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
39.4%
Threat
4.2
CVE-2015-0004 HIGH POC THREAT Act Now

The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 24.1%.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
24.1%
CVE-2014-10011 HIGH POC THREAT Act Now

Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

RCE Buffer Overflow Tv Ip422W Tv Ip422Wn
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
20.8%
CVE-2015-0015 HIGH Act Now

Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.9% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2003 Windows Server 2008 Windows Server 2012
NVD
CVSS 2.0
7.8
EPSS
38.9%
CVE-2014-100014 HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

RCE Buffer Overflow Product Data Management
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
10.1%
CVE-2014-10029 HIGH POC This Week

SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fluxbb
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-10023 HIGH POC This Week

Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Topicsviewer
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.1%
CVE-2014-10024 HIGH POC This Week

Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Directshowdemuxfilter Player Web Player
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2014-10015 HIGH POC This Week

SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Event Booking Calendar
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-100020 HIGH POC This Week

SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Itechclassifieds
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-10013 HIGH POC This Week

SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Awp Classifieds
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-100003 HIGH POC This Week

SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Yourmembers
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-100031 HIGH POC This Week

Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ganesha Digital Library
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-10038 HIGH POC This Week

SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Domphp
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-10020 HIGH POC This Week

SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple E Document
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-100022 HIGH POC PATCH This Week

SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Mtouch Quiz
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-10017 HIGH POC This Week

Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP E Commerce
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-10004 HIGH POC This Week

SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Maian Uploader
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-100011 HIGH POC This Week

SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sendy
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-100012 HIGH POC This Week

SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sendy
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-0307 HIGH PATCH This Week

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Google Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
8.5
EPSS
5.6%
CVE-2014-100019 HIGH This Week

SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pomm
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-100035 HIGH This Week

SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Arcticdesk
NVD
CVSS 2.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy