Skip to main content
CVE-2015-2090 HIGH POC This Week

SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wordpress Survey And Poll
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.3%
CVE-2015-2089 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Crossslide Jquery
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0633 MEDIUM This Month

The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-2087 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Avatar Uploader
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-2088 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Term Queue
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2086 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Panopoly Magic
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy