Skip to main content
CVE-2015-2051 HIGH POC KEV THREAT Act Now

The D-Link DIR-645 Wired/Wireless Router Rev. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection D-Link
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
93.0%
Threat
7.5
CVE-2015-2049 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE D-Link File Upload Dcs 931l Firmware
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
82.9%
Threat
5.8
CVE-2015-2052 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

RCE D-Link Buffer Overflow Dir 645 Firmware
NVD
CVSS 2.0
10.0
EPSS
11.6%
CVE-2015-2055 HIGH POC THREAT Act Now

Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.

Denial Of Service Gpon 2520 Firmware
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
20.9%
CVE-2015-2050 CRITICAL Act Now

D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dap 1320 Firmware
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2015-1315 HIGH PATCH Act Now

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.1%.

RCE Buffer Overflow Ubuntu Linux Unzip
NVD
CVSS 2.0
7.5
EPSS
12.1%
CVE-2015-1589 MEDIUM POC This Month

Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Archmage
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-2054 MEDIUM POC This Month

CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection Sierra Wireless Aircard 760S Sierra Wireless Aircard 762S Sierra Wireless Aircard 763S
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2048 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF D-Link Dcs 931l Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-2053 MEDIUM This Month

The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mcafee Agent
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7922 MEDIUM This Month

The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Play Services Sdk
NVD GitHub
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-2047 LOW Monitor

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Typo3 Debian Linux
NVD
CVSS 2.0
2.6
EPSS
0.8%
CVE-2015-1426 LOW PATCH Monitor

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Facter
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy