Skip to main content
CVE-2014-9574 CRITICAL POC Act Now

Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal PHP Fluxbb
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2014-9633 HIGH POC This Week

The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Backup
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.2%
CVE-2015-1428 HIGH POC This Week

Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sefrengo
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
1.4%
CVE-2015-1400 HIGH POC This Week

SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Revolution
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-8779 HIGH POC This Week

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2015-1458 MEDIUM POC This Month

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Fortinet Fortiauthenticator
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0929 CRITICAL Act Now

time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hvg Video Gateway Firmware
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2015-0930 CRITICAL Act Now

The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hvg Video Gateway Firmware
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2014-9328 HIGH Act Now

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.9% and no vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
11.9%
CVE-2014-9556 MEDIUM POC This Month

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1469 CRITICAL Act Now

time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hvg Video Gateway Firmware
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2015-1457 MEDIUM POC This Month

Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fortinet Fortiauthenticator
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-1433 MEDIUM POC PATCH This Month

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Webmail Fedora
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1459 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortinet Fortiauthenticator
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5360 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Landesk Management Suite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1384 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Banner Effect Header
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1462 HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-1461 HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-1348 HIGH This Week

Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Aruba Instant Access Point Firmware
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-1455 HIGH This Week

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PostgreSQL Authentication Bypass Fortiauthenticator
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1441 HIGH PATCH This Week

SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Piwigo
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1460 HIGH This Week

Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Quidway Firmware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1405 HIGH This Week

SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Content Rating Extbase
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-1403 HIGH This Week

SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Content Rating
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-1382 MEDIUM This Month

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Privoxy Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-1381 MEDIUM This Month

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Debian Linux Privoxy
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-1463 MEDIUM This Month

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clamav Fedora
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2015-1380 MEDIUM This Month

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privoxy Solaris Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8013 MEDIUM This Month

The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2015-0599 MEDIUM This Month

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Unified Computing System
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9559 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Snipsnap
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1404 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Content Rating Extbase
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1402 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Content Rating
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8021 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Hostscan Engine Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1456 MEDIUM This Month

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Fortinet Fortiauthenticator
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-9568 LOW Monitor

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy