Skip to main content
CVE-2015-1497 CRITICAL POC THREAT Emergency

radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.3%.

RCE Code Injection Radia Client Automation
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
88.3%
Threat
6.1
CVE-2014-0227 MEDIUM PATCH This Month

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 78.2%.

Tomcat Denial Of Service Java Apache
NVD
CVSS 2.0
6.4
EPSS
78.2%
CVE-2015-1474 CRITICAL POC PATCH Act Now

Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Google Buffer Overflow Android
NVD
CVSS 2.0
10.0
EPSS
9.0%
CVE-2015-1500 MEDIUM PATCH This Month

Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 42.6%.

RCE Buffer Overflow Server And Application Monitor
NVD
CVSS 2.0
6.8
EPSS
42.6%
CVE-2015-1501 MEDIUM This Month

The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.9% and no vendor patch available.

RCE Code Injection Server And Application Monitor
NVD
CVSS 2.0
6.8
EPSS
20.9%
CVE-2015-1434 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi My Little Forum
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-1498 CRITICAL Act Now

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Radia Client Automation
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-9375 CRITICAL Act Now

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Markvision Enterprise
NVD
CVSS 2.0
9.0
EPSS
1.5%
CVE-2015-1499 HIGH This Week

The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Samsung Samsung Security Manager
NVD
CVSS 2.0
8.5
EPSS
1.1%
CVE-2014-6137 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

IBM XSS Tivoli Endpoint Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.2%
CVE-2015-1435 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP My Little Forum
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-1436 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Easing Slider
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0260 MEDIUM POC PATCH This Month

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Kallithea Rhodecode Enterprise
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-1495 MEDIUM PATCH This Month

Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Buffer Overflow Motorola Scanner Sdk
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2015-0609 HIGH This Week

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2015-1496 HIGH This Week

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Motorola Scanner Sdk
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-0268 MEDIUM This Month

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-6113 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Endpoint Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1608 MEDIUM This Month

Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Opportunity Form
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2015-1613 MEDIUM PATCH This Month

RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rhodecode Enterprise
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy