Skip to main content
CVE-2015-0231 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 87.3%.

Deserialization RCE PHP
NVD GitHub
CVSS 2.0
7.5
EPSS
87.3%
Threat
5.6
CVE-2015-0232 MEDIUM POC PATCH THREAT This Month

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.3%.

RCE PHP Denial Of Service
NVD
CVSS 2.0
6.8
EPSS
68.3%
Threat
4.9
CVE-2015-1365 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.3%.

Path Traversal WordPress PHP Pixabay Images
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
27.3%
CVE-2015-1371 HIGH POC This Week

Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ferretcms
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
9.2%
CVE-2015-1362 HIGH POC This Week

Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Exif Pilot
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
6.3%
CVE-2015-1364 HIGH POC This Week

SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Articlefr
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.0%
CVE-2015-1372 HIGH POC This Week

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ferretcms
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
1.8%
CVE-2015-1367 HIGH POC This Week

SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Catbot
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-1369 HIGH POC PATCH This Week

SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Node.js Sequelize
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-1374 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF File Upload PHP SQLi XSS +1
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2015-1368 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.0%.

XSS Tower
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.0%
CVE-2014-9198 CRITICAL PATCH Act Now

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Schneider Electric Authentication Bypass Etg3000 Factorycast Hmi Gateway Firmware Tsxetg3000 Tsxetg3010 +2
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2014-9197 CRITICAL PATCH Act Now

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Schneider Electric Authentication Bypass Etg3000 Factorycast Hmi Gateway Firmware Tsxetg3000 Tsxetg3010 +2
NVD
CVSS 2.0
10.0
EPSS
0.3%
CVE-2015-1373 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ferretcms
NVD GitHub Exploit-DB
CVSS 2.0
4.3
EPSS
7.2%
CVE-2015-1366 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Pixabay Images
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.9%
CVE-2015-1370 MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Node.js Marked
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1363 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Articlefr
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1182 HIGH This Week

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Opensuse Polarssl
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-8154 HIGH PATCH This Week

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Vala Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-1360 HIGH This Week

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-5211 MEDIUM This Month

Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Reflection Ftp Client
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-1359 MEDIUM This Month

Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1361 MEDIUM This Month

platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-9647 MEDIUM This Month

Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-9650 MEDIUM This Month

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Rabbitmq Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-9646 MEDIUM This Month

Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Microsoft Chrome
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-9648 MEDIUM This Month

components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Authentication Bypass Chrome
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9649 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rabbitmq Server
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy