Skip to main content
CVE-2014-7270 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Rt N66U Firmware Rt N66U Rt N56U Firmware Rt N56U +6
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0926 MEDIUM This Month

Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Labtech
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8630 MEDIUM PATCH This Month

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Bugzilla Fedora
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-7269 MEDIUM PATCH This Month

ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Rt N66U Firmware Rt N66U Rt Ac56S Firmware Rt Ac56S +6
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-8268 MEDIUM PATCH This Month

QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Portal
NVD
CVSS 2.0
6.4
EPSS
0.9%
CVE-2014-7287 MEDIUM PATCH This Month

The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Encryption Management Server Pgp Universal Server
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8267 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Portal
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-8266 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Portal
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0870 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Fumy News Clipper
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4632 MEDIUM This Month

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

VMware Authentication Bypass Vsphere Data Protection
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy