Skip to main content
CVE-2014-9633 HIGH POC This Week

The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Backup
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.2%
CVE-2015-1428 HIGH POC This Week

Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sefrengo
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
1.4%
CVE-2015-1400 HIGH POC This Week

SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Revolution
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-8779 HIGH POC This Week

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2014-9328 HIGH Act Now

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.9% and no vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
11.9%
CVE-2015-1462 HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-1461 HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-1348 HIGH This Week

Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Aruba Instant Access Point Firmware
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-1455 HIGH This Week

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PostgreSQL Authentication Bypass Fortiauthenticator
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1441 HIGH PATCH This Week

SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Piwigo
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1460 HIGH This Week

Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Quidway Firmware
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1405 HIGH This Week

SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Content Rating Extbase
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-1403 HIGH This Week

SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Content Rating
NVD
CVSS 2.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy