Skip to main content
CVE-2015-1458 MEDIUM POC This Month

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Fortinet Fortiauthenticator
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-9556 MEDIUM POC This Month

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1457 MEDIUM POC This Month

Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fortinet Fortiauthenticator
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-1433 MEDIUM POC PATCH This Month

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Webmail Fedora
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1459 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortinet Fortiauthenticator
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5360 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Landesk Management Suite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1384 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Banner Effect Header
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1382 MEDIUM This Month

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Privoxy Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-1381 MEDIUM This Month

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Debian Linux Privoxy
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-1463 MEDIUM This Month

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clamav Fedora
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2015-1380 MEDIUM This Month

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privoxy Solaris Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8013 MEDIUM This Month

The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2015-0599 MEDIUM This Month

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Unified Computing System
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9559 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Snipsnap
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1404 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Content Rating Extbase
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1402 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Content Rating
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8021 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Hostscan Engine Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1456 MEDIUM This Month

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Fortinet Fortiauthenticator
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy