Skip to main content
CVE-2014-9471 HIGH POC This Week

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Coreutils Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
5.0%
CVE-2015-1060 MEDIUM POC This Month

Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Adaptcms
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
9.1%
CVE-2015-1055 HIGH POC This Week

SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Photo Gallery
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-1059 MEDIUM POC This Month

Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection File Upload Adaptcms
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.5%
CVE-2014-9600 HIGH POC This Week

Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Iexplorer
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-1058 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.0%.

XSS Adaptcms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.0%
CVE-2015-0221 MEDIUM POC PATCH This Month

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Python Django Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
9.2%
CVE-2014-3692 CRITICAL Act Now

The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 1 Management Engine
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2015-0219 MEDIUM POC PATCH This Month

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Django
NVD
CVSS 2.0
5.0
EPSS
4.8%
CVE-2014-9476 MEDIUM POC This Month

MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-1057 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP E107
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.1%
CVE-2015-0220 MEDIUM POC PATCH This Month

The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Ubuntu Linux Django
NVD
CVSS 2.0
4.3
EPSS
2.5%
CVE-2015-1053 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Croogo
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-9599 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP B2Evolution
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-1056 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mfc J4410Dw Firmware Mfc J4410Dw
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9480 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9479 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9477 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6386 HIGH This Week

Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2015-1054 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Crea8Social
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
1.9%
CVE-2014-9603 HIGH This Week

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-9604 HIGH This Week

libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-9602 HIGH This Week

libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-1949 HIGH This Week

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Linux Mint Gtk Ubuntu
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-6382 HIGH This Week

The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2014-6384 MEDIUM This Month

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before. Rated medium severity (CVSS 6.9). No vendor patch available.

Juniper Privilege Escalation Junos
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-9478 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2015-1029 MEDIUM This Month

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Stdlib
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-7814 MEDIUM This Month

SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Cloudforms 3 1 Management Engine
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-6385 MEDIUM This Month

Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 2.0
6.1
EPSS
0.4%
CVE-2014-9496 LOW POC PATCH Monitor

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile Opensuse Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0222 MEDIUM PATCH This Month

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Ubuntu Linux Django
NVD
CVSS 2.0
5.0
EPSS
5.1%
CVE-2014-9601 MEDIUM PATCH This Month

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pillow Solaris Fedora Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-6383 MEDIUM This Month

The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9475 LOW Monitor

Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mediawiki
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy