Skip to main content
CVE-2014-5301 HIGH POC THREAT Act Now

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.4%.

Path Traversal Servicedesk Plus Assetexplorer Supportcenter It360
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
78.4%
Threat
5.6
CVE-2014-9312 HIGH POC THREAT Act Now

Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

File Upload Photo Gallery
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
76.5%
Threat
5.6
CVE-2014-5302 HIGH POC THREAT Act Now

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Path Traversal RCE Servicedesk Plus Assetexplorer Supportcenter +1
NVD
CVSS 3.0
8.8
EPSS
52.4%
Threat
4.8
CVE-2014-9558 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in SmartCMS v.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartcms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2017-3735 MEDIUM PATCH This Month

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.5%.

Buffer Overflow OpenSSL Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
36.5%
CVE-2017-9978 MEDIUM POC THREAT This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Information Disclosure Quantastor
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
16.4%
CVE-2015-1876 HIGH POC This Week

Directory traversal vulnerability in ES File Explorer 3.2.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Es File Explorer
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2014-8871 HIGH POC This Week

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hybris
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2015-0974 HIGH POC This Week

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zte Information Disclosure Mobiconnect
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-1386 HIGH POC This Week

Directory traversal vulnerability in unshield 1.0-1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Unshield
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-12952 MEDIUM POC This Month

The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.7%
CVE-2017-12950 MEDIUM POC This Month

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libgig
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
4.4%
CVE-2017-12954 MEDIUM POC This Month

The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.1%
CVE-2017-12953 MEDIUM POC This Month

The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.1%
CVE-2017-12951 MEDIUM POC This Month

The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libgig
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.1%
CVE-2014-9513 CRITICAL Act Now

Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Xbindkeys Config
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2017-9979 MEDIUM POC This Month

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quantastor
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.4%
CVE-2017-8380 CRITICAL PATCH Act Now

Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Qemu
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2015-1401 CRITICAL Act Now

Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ldap Sso Authentication
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2014-8753 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cit E Access
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-1177 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Exponent Cms
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-9514 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Footprints Service Core
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-8428 CRITICAL Act Now

Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Privilege Escalation Load Balancer
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-0210 MEDIUM POC This Month

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wpa Supplicant
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2014-8426 CRITICAL Act Now

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Authentication Bypass Load Balancer
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2013-0870 CRITICAL Act Now

The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2015-1430 CRITICAL Act Now

Buffer overflow in xymon 4.3.17-1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xymon
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-1443 HIGH This Week

The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Fli4L
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2015-8332 HIGH This Week

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Privilege Escalation Vcm5010 Firmware Vcm5020 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2014-8900 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Urbancode Deploy
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-1198 HIGH This Week

Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ha
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2016-0634 HIGH PATCH This Week

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Bash
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2015-0114 HIGH PATCH This Week

Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft IBM I Access For Windows
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12840 HIGH This Week

A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Deslock
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8300 HIGH This Week

Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Btoe Connector
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-1199 HIGH This Week

Directory traversal vulnerability in ppmd 10.1-5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ppmd
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-7030 HIGH This Week

FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Freeipa
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2015-1600 HIGH This Week

Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Indoor Module Firmware
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-1554 HIGH This Week

kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kgb Bot
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-0928 HIGH This Week

libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libhtp
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2012-2805 HIGH This Week

Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD VulDB
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-13712 HIGH This Week

NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Lame
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-9483 HIGH This Week

Emacs 24.4 allows remote attackers to bypass security restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emacs
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-6594 HIGH PATCH This Week

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Heimdal Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2015-1445 HIGH This Week

HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Fli4L
NVD
CVSS 3.0
7.2
EPSS
0.7%
CVE-2017-12877 MEDIUM PATCH This Month

Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2014-8163 MEDIUM This Month

Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat Satellite
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-12919 MEDIUM This Month

Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12923 MEDIUM This Month

OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-12922 MEDIUM This Month

wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libfpx
NVD
CVSS 3.0
6.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy