Skip to main content
CVE-2014-9707 HIGH POC THREAT Act Now

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 60.6%.

Path Traversal Denial Of Service RCE Buffer Overflow Goahead
NVD GitHub
CVSS 2.0
7.5
EPSS
60.6%
Threat
4.8
CVE-2014-7876 CRITICAL Act Now

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available.

Denial Of Service HP RCE Integrated Lights Out 2 Firmware Integrated Lights Out 4 Firmware +1
NVD
CVSS 2.0
10.0
EPSS
25.2%
CVE-2015-0984 CRITICAL POC Act Now

Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Honeywell Excel Web Xl 1000C100 104 I O Excel Web Xl 1000C1000 600 I O Excel Web Xl 1000C1000 600 I O Uukl +5
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2014-9706 HIGH POC PATCH GHSA This Week

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Debian Linux Dulwich
NVD
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-9462 HIGH POC PATCH This Week

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opensuse Mercurial
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-2830 CRITICAL Act Now

Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cifs Utils
NVD
CVSS 2.0
10.0
EPSS
2.9%
CVE-2014-9708 MEDIUM POC PATCH This Month

Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range:. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Enterprise Communications Broker Appweb Junos
NVD GitHub
CVSS 2.0
5.0
EPSS
4.5%
CVE-2015-0838 HIGH PATCH This Week

Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Debian Linux Dulwich
NVD
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-2027 HIGH PATCH This Week

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Egroupware
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2015-2109 HIGH This Week

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Operations Orchestration
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-2754 MEDIUM This Month

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Freexl Debian Linux
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2015-2753 MEDIUM This Month

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Debian Linux Freexl
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2014-9209 MEDIUM This Month

Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local. Rated medium severity (CVSS 6.9). No vendor patch available.

Rockwell Information Disclosure Factorytalk Services Platform Factorytalk View Studio
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-0985 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF 442Sr Os 442Sr
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-2106 MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Integrated Lights Out 2 Firmware Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2015-2776 MEDIUM This Month

The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Debian Linux Freexl
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2015-0901 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Flashy
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0900 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fumy Teachers Schedule Board
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2684 MEDIUM This Month

Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Service Provider Debian Linux
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-2108 LOW Monitor

Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP Information Disclosure Operations Orchestration
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy