Skip to main content
CVE-2015-2067 MEDIUM POC THREAT This Month

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Path Traversal Adobe PHP Magmi
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
76.4%
Threat
4.8
CVE-2015-0555 MEDIUM POC THREAT This Month

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 24.9%.

RCE Samsung Buffer Overflow Ipolis Device Manager
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
24.9%
CVE-2015-2071 MEDIUM POC THREAT This Month

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Path Traversal Samepage
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
14.9%
CVE-2015-2077 MEDIUM POC This Month

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Microsoft Redirector Sdk
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2015-2078 MEDIUM POC This Month

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Redirector Sdk
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-2068 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Adobe PHP Magmi
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2015-2069 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Woocommerce
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1881 MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-9684 MEDIUM POC PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Image Registry And Delivery Service Glance
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-8487 MEDIUM POC This Month

Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Mobile Management
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-7423 MEDIUM This Month

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Server Aus Ubuntu Linux Opensuse Glibc
NVD GitHub
CVSS 2.0
5.0
EPSS
4.7%
CVE-2014-9282 MEDIUM This Month

Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Explorer Root Explorer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6115 MEDIUM PATCH This Month

IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Insight
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-1572 MEDIUM This Month

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow E2Fsprogs Debian Linux Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2064 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Dlguard
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy