Skip to main content
CVE-2015-2035 MEDIUM POC PATCH This Month

SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Piwigo
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-2033 CRITICAL Act Now

Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netmri
NVD
CVSS 2.0
10.0
EPSS
2.5%
CVE-2015-1517 MEDIUM POC PATCH This Month

SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Piwigo
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
1.0%
CVE-2015-2034 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Piwigo
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2040 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Contact Form Db
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3682 HIGH This Week

XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java Jbpm Designer
NVD GitHub
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-0880 MEDIUM PATCH This Month

Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Buffer Overflow Al Mail32
NVD
CVSS 2.0
6.8
EPSS
3.0%
CVE-2015-0584 HIGH This Week

The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Desktop Collaboration Experience Dx650
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-8114 MEDIUM This Month

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Privilege Escalation Uberfire
NVD GitHub
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-5355 MEDIUM This Month

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Kerberos 5
NVD GitHub
CVSS 2.0
5.0
EPSS
9.4%
CVE-2015-2039 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF WordPress PHP Acobot Live Chat Contact Form
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8115 MEDIUM This Month

The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kie Workbench
NVD GitHub
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-0878 MEDIUM PATCH This Month

Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Al Mail32
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2015-0881 MEDIUM This Month

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Squid
NVD
CVSS 2.0
4.3
EPSS
4.4%
CVE-2015-0628 MEDIUM This Month

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Web Security Appliance
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-0879 MEDIUM PATCH This Month

CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Al Mail32
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0167 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Textangular
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0005 LOW Monitor

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
3.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy