Skip to main content
CVE-2015-1169 HIGH POC This Week

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Central Authentication Service
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-1559 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF PHP Efront
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-1042 MEDIUM POC This Month

The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Mantisbt
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2015-1548 MEDIUM POC This Month

mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mini Httpd
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-1571 MEDIUM POC This Month

The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1570 MEDIUM POC This Month

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure Fortinet Forticlient
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-1569 MEDIUM POC This Month

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Information Disclosure Fortinet Forticlient
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-1031 HIGH PATCH This Week

Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Privoxy
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-1432 MEDIUM This Month

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Phpbb
NVD GitHub
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-1377 MEDIUM This Month

The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Webmin
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-1431 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phpbb
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-8733 LOW Monitor

Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cloudera Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy