Skip to main content
CVE-2014-9308 MEDIUM POC PATCH THREAT This Month

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE WordPress PHP File Upload Wp Easycart
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
82.9%
Threat
5.3
CVE-2014-8904 HIGH POC This Week

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Vios Aix
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.6%
CVE-2014-7957 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Pods
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8738 MEDIUM POC This Month

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Fedora Debian Linux Binutils +1
NVD
CVSS 2.0
5.0
EPSS
8.0%
CVE-2015-0552 MEDIUM POC This Month

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gcab Opensuse
NVD
CVSS 2.0
6.4
EPSS
0.7%
CVE-2014-8870 MEDIUM POC This Month

Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Tapatalk
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-0171 MEDIUM POC This Month

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat XXE Jboss Data Virtualization Odata4J
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1041 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP E107
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-1052 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phpkit
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8869 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Tapatalk
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-1050 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Big Ip Application Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1039 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Zfcuser
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9570 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Simple Security
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7956 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Pods
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9560 HIGH This Week

SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Softbb
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-1040 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Bedita
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-9587 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Webmail
NVD
CVSS 2.0
6.8
EPSS
3.7%
CVE-2014-9595 MEDIUM This Month

Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP Buffer Overflow Sap Kernel
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-9594 MEDIUM This Month

Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE SAP Buffer Overflow Sap Kernel
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2015-0588 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Communications Domain Manager
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8398 MEDIUM This Month

Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3). Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Fastflick
NVD
CVSS 2.0
4.6
EPSS
7.9%
CVE-2014-8397 MEDIUM This Month

Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Fastflick Videostudio Pro
NVD
CVSS 2.0
4.6
EPSS
7.9%
CVE-2014-8396 MEDIUM This Month

Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Pdf Fusion
NVD
CVSS 2.0
4.6
EPSS
7.9%
CVE-2014-8395 MEDIUM This Month

Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Painter
NVD
CVSS 2.0
4.6
EPSS
7.9%
CVE-2014-8394 MEDIUM This Month

Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Corelcad
NVD
CVSS 2.0
4.6
EPSS
7.9%
CVE-2015-1051 MEDIUM PATCH This Month

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Context Fedora
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-8151 MEDIUM This Month

The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mac Os X Libcurl
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-9593 MEDIUM This Month

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Cloudstack
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2015-0591 MEDIUM This Month

Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8034 MEDIUM This Month

Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8150 MEDIUM This Month

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Debian Linux Libcurl Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2014-7881 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Insight Control Server Deployment
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-8022 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9596 MEDIUM This Month

Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Arbitrator Back End Server Mk 3 0 Vpu Firmware Arbitrator Back End Server Mk 3 0 Vpu Arbitrator Back End Server Mk 2 0 Vpu Firmware Arbitrator Back End Server Mk 2 0 Vpu
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9561 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Softbb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8153 MEDIUM This Month

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Router Advertisement Daemon Neutron
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2014-7812 LOW Monitor

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Satellite Spacewalk Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7811 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Network Satellite Spacewalk Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy