Skip to main content
CVE-2015-1604 MEDIUM POC PATCH This Month

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Adminsystems Cms
NVD GitHub
CVSS 2.0
6.5
EPSS
4.4%
CVE-2014-8690 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.8%.

XSS PHP Exponent Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.8%
CVE-2015-1585 MEDIUM POC PATCH This Month

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Fat Free Crm
NVD GitHub
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6687 MEDIUM This Month

FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.5% and no vendor patch available.

Denial Of Service Fcgi
NVD
CVSS 2.0
5.0
EPSS
25.5%
CVE-2014-9465 MEDIUM POC This Month

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Fedora Webapp Zarafa Collaboration Platform
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2015-1603 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Adminsystems Cms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1879 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Google PHP Google Doc Embedder
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9679 MEDIUM This Month

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Cups
NVD
CVSS 2.0
6.8
EPSS
7.4%
CVE-2015-1349 MEDIUM This Month

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Epss exploitation probability 11.1% and no vendor patch available.

Denial Of Service Bind
NVD
CVSS 2.0
5.4
EPSS
11.1%
CVE-2015-1614 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF WordPress PHP Image Metadata Cruncher
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-5286 MEDIUM This Month

The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Activematrix Management Agent Activematrix Policy Agent Activematrix Policy Manager
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-9422 MEDIUM This Month

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kerberos 5
NVD GitHub
CVSS 2.0
6.1
EPSS
0.8%
CVE-2014-3578 MEDIUM PATCH This Month

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Spring Framework
NVD
CVSS 2.0
5.0
EPSS
4.4%
CVE-2014-9423 MEDIUM This Month

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kerberos 5
NVD GitHub
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-6303 MEDIUM This Month

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sequence Kinetics
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-6302 MEDIUM This Month

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Sequence Kinetics
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6304 MEDIUM This Month

The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sequence Kinetics
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6301 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Sequence Kinetics
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0623 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Web Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9468 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Instantforum
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0626 MEDIUM This Month

The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Hosted Collaboration Solution
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy