Skip to main content
CVE-2015-1545 MEDIUM POC THREAT This Month

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.8%.

Denial Of Service Openldap
NVD
CVSS 2.0
5.0
EPSS
64.8%
Threat
4.4
CVE-2015-1471 HIGH POC This Week

SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pragyan Cms
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
5.4%
CVE-2014-9512 MEDIUM POC This Month

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Opensuse Solaris
NVD
CVSS 2.0
6.4
EPSS
8.9%
CVE-2015-0592 HIGH This Week

The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2015-0227 MEDIUM PATCH This Month

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.9%.

Privilege Escalation Apache Wss4J
NVD
CVSS 2.0
5.0
EPSS
13.9%
CVE-2015-0608 HIGH This Week

Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2015-1546 MEDIUM This Month

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.4% and no vendor patch available.

Denial Of Service Openldap Opensuse Mac Os X
NVD
CVSS 2.0
5.0
EPSS
10.4%
CVE-2014-2152 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Prime Infrastructure
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-0611 MEDIUM This Month

The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Telepresence System Software Ix
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-0580 MEDIUM This Month

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Secure Access Control System
NVD
CVSS 2.0
6.5
EPSS
0.1%
CVE-2015-1345 LOW POC Monitor

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Grep Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0619 MEDIUM This Month

Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8110 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apache Activemq
NVD
CVSS 2.0
4.3
EPSS
3.9%
CVE-2015-0606 MEDIUM This Month

The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-2147 MEDIUM This Month

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Prime Infrastructure
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3365 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2153 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0610 MEDIUM This Month

Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Race Condition Apple Cisco iOS
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy