Skip to main content
CVE-2015-0240 CRITICAL POC THREAT Emergency

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.7%.

RCE Enterprise Linux Samba Suse Linux Enterprise Desktop Suse Linux Enterprise Server +2
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
90.7%
Threat
6.2
CVE-2015-2065 HIGH POC THREAT Act Now

SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.9%.

WordPress SQLi PHP Wordpress Video Gallery
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
80.9%
Threat
5.4
CVE-2015-2067 MEDIUM POC THREAT This Month

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Path Traversal Adobe PHP Magmi
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
76.4%
Threat
4.8
CVE-2015-0555 MEDIUM POC THREAT This Month

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 24.9%.

RCE Samsung Buffer Overflow Ipolis Device Manager
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
24.9%
CVE-2014-9402 HIGH POC This Week

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Ubuntu Linux Opensuse
NVD
CVSS 2.0
7.8
EPSS
8.7%
CVE-2015-2070 HIGH POC This Week

SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Samepage
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-2071 MEDIUM POC THREAT This Month

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Path Traversal Samepage
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
14.9%
CVE-2015-2077 MEDIUM POC This Month

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Microsoft Redirector Sdk
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2015-2078 MEDIUM POC This Month

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Redirector Sdk
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-2068 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Adobe PHP Magmi
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2015-2069 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Woocommerce
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1605 HIGH This Week

Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Asset Manager
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2015-1881 MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-9684 MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-8487 MEDIUM POC This Month

Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Mobile Management
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-2066 HIGH This Week

SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Dlguard
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-7423 MEDIUM This Month

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Server Aus Ubuntu Linux Opensuse Glibc
NVD GitHub
CVSS 2.0
5.0
EPSS
4.7%
CVE-2014-9282 MEDIUM This Month

Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Explorer Root Explorer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6115 MEDIUM PATCH This Month

IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Insight
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-1572 MEDIUM This Month

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow E2Fsprogs Debian Linux Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2064 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Dlguard
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4818 LOW Monitor

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy