Skip to main content
CVE-2015-1592 HIGH POC THREAT Act Now

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.0%.

RCE Debian Linux Movable Type
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
81.0%
Threat
5.4
CVE-2015-1587 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.2%.

PHP File Upload Gec Ged Letterbox
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
79.2%
Threat
5.4
CVE-2015-1604 MEDIUM POC PATCH This Month

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Adminsystems Cms
NVD GitHub
CVSS 2.0
6.5
EPSS
4.4%
CVE-2015-1515 HIGH POC This Week

The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Defensewall Personal Firewall
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.6%
CVE-2014-8690 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.8%.

XSS PHP Exponent Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.8%
CVE-2014-8165 CRITICAL Act Now

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Powerpc Utils
NVD
CVSS 2.0
10.0
EPSS
5.3%
CVE-2015-1585 MEDIUM POC PATCH This Month

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Fat Free Crm
NVD GitHub
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6687 MEDIUM This Month

FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.5% and no vendor patch available.

Denial Of Service Fcgi
NVD
CVSS 2.0
5.0
EPSS
25.5%
CVE-2014-5352 CRITICAL PATCH Act Now

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Kerberos 5
NVD GitHub
CVSS 2.0
9.0
EPSS
5.4%
CVE-2014-9421 CRITICAL Act Now

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service Kerberos 5
NVD GitHub
CVSS 2.0
9.0
EPSS
5.4%
CVE-2014-9465 MEDIUM POC This Month

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Fedora Webapp Zarafa Collaboration Platform
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2015-1603 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Adminsystems Cms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1879 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Google PHP Google Doc Embedder
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9679 MEDIUM This Month

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Cups
NVD
CVSS 2.0
6.8
EPSS
7.4%
CVE-2015-1349 MEDIUM This Month

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Epss exploitation probability 11.1% and no vendor patch available.

Denial Of Service Bind
NVD
CVSS 2.0
5.4
EPSS
11.1%
CVE-2015-0622 HIGH This Week

The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2015-1614 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF WordPress PHP Image Metadata Cruncher
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1197 LOW POC Monitor

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Cpio
NVD
CVSS 2.0
1.9
EPSS
3.4%
CVE-2014-5286 MEDIUM This Month

The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Activematrix Management Agent Activematrix Policy Agent Activematrix Policy Manager
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-9422 MEDIUM This Month

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kerberos 5
NVD GitHub
CVSS 2.0
6.1
EPSS
0.8%
CVE-2014-3578 MEDIUM PATCH This Month

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Spring Framework
NVD
CVSS 2.0
5.0
EPSS
4.4%
CVE-2014-9423 MEDIUM This Month

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kerberos 5
NVD GitHub
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-6303 MEDIUM This Month

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sequence Kinetics
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-6302 MEDIUM This Month

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Sequence Kinetics
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6304 MEDIUM This Month

The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sequence Kinetics
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6301 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Sequence Kinetics
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0623 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Web Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9468 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Instantforum
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0626 MEDIUM This Month

The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Hosted Collaboration Solution
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1832 LOW PATCH Monitor

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Passenger
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1831 LOW PATCH Monitor

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Passenger
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6147 LOW PATCH Monitor

IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Flex System Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy