Skip to main content
CVE-2015-1422 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 17.1%.

XSS PHP Gecko Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
17.1%
CVE-2015-1424 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Gecko Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-1423 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gecko Cms
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-8370 MEDIUM PATCH This Month

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation VMware Player Fusion +2
NVD
CVSS 2.0
6.4
EPSS
1.2%
CVE-2014-8894 MEDIUM PATCH This Month

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

IBM Open Redirect Tririga Application Platform
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-8895 MEDIUM PATCH This Month

IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Privilege Escalation Tririga Application Platform
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy