Skip to main content
CVE-2014-5301 HIGH POC THREAT Act Now

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.4%.

Path Traversal Servicedesk Plus Assetexplorer Supportcenter It360
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
78.4%
Threat
5.6
CVE-2014-9312 HIGH POC THREAT Act Now

Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

File Upload Photo Gallery
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
76.5%
Threat
5.6
CVE-2014-5302 HIGH POC THREAT Act Now

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Path Traversal RCE Servicedesk Plus Assetexplorer Supportcenter +1
NVD
CVSS 3.0
8.8
EPSS
52.4%
Threat
4.8
CVE-2015-1876 HIGH POC This Week

Directory traversal vulnerability in ES File Explorer 3.2.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Es File Explorer
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2014-8871 HIGH POC This Week

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hybris
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2015-0974 HIGH POC This Week

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zte Information Disclosure Mobiconnect
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-1386 HIGH POC This Week

Directory traversal vulnerability in unshield 1.0-1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Unshield
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-1443 HIGH This Week

The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Fli4L
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2015-8332 HIGH This Week

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Privilege Escalation Vcm5010 Firmware Vcm5020 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2014-8900 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Urbancode Deploy
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-1198 HIGH This Week

Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ha
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2016-0634 HIGH PATCH This Week

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Bash
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2015-0114 HIGH PATCH This Week

Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft IBM I Access For Windows
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-12840 HIGH This Week

A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Deslock
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8300 HIGH This Week

Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Btoe Connector
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-1199 HIGH This Week

Directory traversal vulnerability in ppmd 10.1-5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ppmd
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-7030 HIGH This Week

FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Freeipa
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2015-1600 HIGH This Week

Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Indoor Module Firmware
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2015-1554 HIGH This Week

kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kgb Bot
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-0928 HIGH This Week

libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libhtp
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2012-2805 HIGH This Week

Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD VulDB
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-13712 HIGH This Week

NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Lame
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-9483 HIGH This Week

Emacs 24.4 allows remote attackers to bypass security restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emacs
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-6594 HIGH PATCH This Week

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Heimdal Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2015-1445 HIGH This Week

HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Fli4L
NVD
CVSS 3.0
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy