VIR Vulnerability Intelligence Relay

Search

Found 5,475 results in 1068ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-9349 medium 5.3 EXP robotstats 12y ago Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter…
CVE-2014-9348 high 8.5 EXP robotstats 12y ago SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots…
CVE-2014-9347 high 8.5 EXP phpmyrecipes_project 12y ago SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
CVE-2014-9345 high 8.5 EXP guruperl 12y ago SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in…
CVE-2014-9344 medium 7.8 EXP globiz_solutions 12y ago Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a sub…
CVE-2014-9305 medium 7.5 EXP reality66 12y ago SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary…
CVE-2014-9265 medium 7.8 EXP samsung 12y ago Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-5462 medium 7.5 EXP open-emr 12y ago Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edi…
CVE-2014-9218 medium 6.0 EXPFIX debian debian phpmyadmin 12y ago libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long p…
CVE-2014-4880 high 8.5 EXP 12y ago Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorizat…
CVE-2014-9304 high 8.5 EXP plex 12y ago Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers…
CVE-2014-9303 high 8.8 EXP 12y ago EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or…
CVE-2014-9302 medium 6.0 EXP alfresco 12y ago Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attacke…
CVE-2014-9301 medium 7.4 EXP alfresco 12y ago Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port…
CVE-2014-8868 high 8.8 EXP 12y ago EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive informati…
CVE-2014-4703 low 3.1 EXPFIX debian debian nagios 12y ago lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists beca…
CVE-2014-9215 high 8.5 EXP pbboard 12y ago SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email paramet…
CVE-2014-9144 high 8.5 EXP 12y ago Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
CVE-2014-9143 medium 5.3 EXP 12y ago Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failre…
CVE-2014-9142 medium 5.3 EXP 12y ago Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
CVE-2014-8800 medium 5.3 EXP nextendweb 12y ago Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or H…
CVE-2014-3997 high 8.5 EXP zohocorp 12y ago SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 an…
CVE-2014-3996 high 8.5 EXP manageengine 12y ago SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager…
CVE-2014-7868 high 8.5 EXP zohocorp 12y ago Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbit…
CVE-2014-6036 medium 7.4 EXP zohocorp 12y ago Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or re…
CVE-2014-6035 high 8.5 EXP zohocorp 12y ago Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) i…
CVE-2014-6034 medium 6.0 EXP zohocorp 12y ago Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.…
CVE-2014-5446 medium 6.0 EXP zohocorp 12y ago Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read a…
CVE-2014-5445 medium 6.0 EXP zohocorp 12y ago Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via…
CVE-2014-9243 medium 5.3 EXP websitebaker 12y ago Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2)…
CVE-2014-9242 high 8.5 EXP websitebaker 12y ago SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2014-9241 medium 5.3 EXP mybb 12y ago Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report…
CVE-2014-9240 high 8.5 EXP mybb 12y ago SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register act…
CVE-2014-9237 high 8.5 EXP proticaret 12y ago SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
CVE-2014-9236 medium 5.3 EXP debian debian zoph 12y ago Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photog…
CVE-2014-9235 medium 7.5 EXP debian debian zoph 12y ago Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.…
CVE-2014-8775 medium 6.0 EXP modx 12y ago MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive informat…
CVE-2014-8774 medium 5.3 EXP modx 12y ago Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.
CVE-2014-8773 medium 7.8 EXP modx 12y ago MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF toke…
CVE-2014-9141 high 8.2 EXP thomsonreuters 12y ago The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
CVE-2014-9181 medium 6.0 EXP plex 12y ago Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote auth…
CVE-2014-9179 medium 5.0 EXP supportezzy_ticket_system_project 12y ago Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" …
CVE-2014-9178 high 8.5 EXP smartypantsplugins 12y ago Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote a…
CVE-2014-9175 high 8.5 EXP wpdatatables 12y ago SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a ge…
CVE-2014-9173 high 8.5 EXP google_doc_embedder_project 12y ago SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
CVE-2014-9113 high 8.2 EXP cchgroup 12y ago CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktop…
CVE-2014-8728 high 8.5 EXP subex 12y ago SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL comman…
CVE-2014-8791 medium 7.0 EXP enalean 12y ago project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code vi…
CVE-2014-5284 high 8.2 EXP ossec 12y ago host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root…
CVE-2014-7816 medium 6.0 EXPFIX debian debian redhat 12y ago Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
CVE-2014-8801 medium 6.0 EXP strangerstudios 12y ago Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUER…
CVE-2014-8799 medium 6.0 EXP dukapress 12y ago Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (do…
CVE-2014-8429 medium 7.8 EXP xavoc 12y ago Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests t…
CVE-2014-8425 high 8.8 EXP 12y ago The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
CVE-2014-8424 high 8.8 EXP 12y ago ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
CVE-2014-9101 medium 7.8 EXP skalfaoxwall 12y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrator…
CVE-2014-9099 medium 7.8 EXP whydowork_adsense_project 12y ago Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspeci…
CVE-2014-9098 low 4.5 EXP apptha 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users…
CVE-2014-9097 high 8.5 EXP apptha 12y ago Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to …
CVE-2014-9096 high 8.5 EXP pligg 12y ago Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
CVE-2014-9095 high 8.5 EXP raritan 12y ago Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
CVE-2014-9094 medium 5.3 EXP digitalzoomstudio 12y ago Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web s…
CVE-2014-9034 medium 6.0 EXPFIX debian debian wordpress 12y ago wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long …
CVE-2014-9016 medium 6.0 EXP debian debian drupalsecure_password_hashes_project 12y ago The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m…
CVE-2014-8682 high 8.5 EXP gogits 12y ago SQL Injection in Gogs in gogs.io/gogs
CVE-2014-8681 high 8.5 EXP gogits 12y ago SQL Injection in github.com/gogits/gogs
CVE-2014-8469 medium 5.3 EXP moxi9 12y ago Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.
CVE-2014-5395 medium 7.8 EXP 12y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.0…
CVE-2014-8768 medium 6.0 EXPFIX suse suseubuntu ubuntudebian debian redhat 12y ago Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a…
CVE-2014-8493 medium 6.0 EXP 12y ago ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
CVE-2014-9005 high 8.5 EXP vld_interactive 12y ago Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search ac…
CVE-2014-9004 medium 5.3 EXP vld_interactive 12y ago Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
CVE-2014-9001 medium 7.5 EXP incrediblepbx 12y ago reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5)…
CVE-2014-9000 medium 7.5 EXP mulesoft 12y ago Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitra…
CVE-2014-8998 medium 7.5 EXP x7chat 12y ago lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace functio…
CVE-2014-8997 high 8.5 EXP digitalvidhya 12y ago Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an exe…
CVE-2014-8995 medium 6.0 EXP maarch 12y ago SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
CVE-2014-7910 high 8.5 EXP google 12y ago Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2014-8598 medium 7.4 EXP mantisbt 12y ago The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via th…
CVE-2014-7146 high 8.5 EXP mantisbt 12y ago The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is…
CVE-2014-7992 medium 6.0 EXP 12y ago The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, a…
CVE-2012-6665 medium 5.3 EXP phpmoneybooks 12y ago Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012…
CVE-2012-1669 medium 5.3 EXP phpmoneybooks 12y ago Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2014-8954 medium 5.3 EXP codecanyon 12y ago Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3…
CVE-2014-8953 medium 7.8 EXP phpscriptlerim 12y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin …
CVE-2014-8727 medium 7.2 EXP f5 12y ago Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (d…
CVE-2014-8596 high 8.5 EXP php-fusion 12y ago Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/s…
CVE-2014-8517 high 8.5 EXPFIX slesmacos macosfreebsd freebsd 12y ago The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary c…
CVE-2014-8499 medium 7.5 EXP manageengine 12y ago Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated use…
CVE-2014-8498 medium 7.5 EXP zohocorp 12y ago SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote …
CVE-2014-8949 medium 7.0 EXP imember360 12y ago The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this c…
CVE-2014-8948 medium 7.8 EXP imember360 12y ago Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that…
CVE-2014-2268 medium 6.0 EXP vtiger 12y ago views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the …
CVE-2014-8359 high 8.2 EXP 12y ago Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.d…
CVE-2014-8555 medium 6.0 EXP progress 12y ago Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.
CVE-2014-4076 high 8.2 EXP 12y ago Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
CVE-2014-8652 medium 6.0 EXP elipse 12y ago Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.
CVE-2014-3439 medium 7.1 EXP symantec 12y ago ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2014-3438 medium 5.3 EXP symantec 12y ago Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script o…
CVE-2014-3437 high 8.5 EXP symantec 12y ago The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing …