Skip to main content
CVE-2015-1494 MEDIUM POC PATCH This Month

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Fancybox
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.6%
CVE-2015-1616 MEDIUM This Month

SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Data Loss Prevention Endpoint
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-0247 MEDIUM This Month

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow E2Fsprogs Debian Linux Ubuntu Linux +1
NVD
CVSS 2.0
4.6
EPSS
0.4%
CVE-2014-6194 MEDIUM PATCH This Month

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +9
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-8023 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Adaptive Security Appliance Software
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-1618 MEDIUM This Month

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Loss Prevention Endpoint
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-9466 MEDIUM This Month

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy