Security Vulnerabilities, CVEs, Published In August 2014
CVE-2014-5383
Public exploit
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 6.5
EPSS Score: 2.08%
Published: 2014-08-21
Updated: 2015-09-08
CVE-2014-5337
Public exploit
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.
Max CVSS: 5.0
EPSS Score: 2.67%
Published: 2014-08-29
Updated: 2018-11-19
CVE-2014-5266
Public exploit
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
Max CVSS: 5.0
EPSS Score: 92.86%
Published: 2014-08-18
Updated: 2015-11-25
CVE-2014-5073
Public exploit
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
Max CVSS: 7.5
EPSS Score: 91.57%
Published: 2014-08-29
Updated: 2017-08-29
CVE-2014-3914
Public exploit
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
Max CVSS: 10.0
EPSS Score: 97.05%
Published: 2014-08-07
Updated: 2014-08-07
CVE-2014-2630
Public exploit
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
Max CVSS: 4.4
EPSS Score: 0.08%
Published: 2014-08-12
Updated: 2017-08-29
CVE-2012-0938
Public exploit
Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information.
Max CVSS: 6.5
EPSS Score: 0.81%
Published: 2014-08-14
Updated: 2017-08-29
7 vulnerabilities found