Skip to main content
CVE-2015-2102 HIGH POC This Week

SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Clipbucket
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.2%
CVE-2015-0977 CRITICAL Act Now

Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Intravue
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2015-2103 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Cosmoshop
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2072 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS SAP Hana
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1414 HIGH This Week

Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pfsense Debian Linux Freebsd
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-0883 MEDIUM This Month

SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth module is enabled, does not properly send e-mail messages, which allows remote attackers to execute arbitrary code via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mailform Pro Cgi
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2015-0651 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Application Networking Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0632 MEDIUM This Month

Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the. Rated medium severity (CVSS 5.7). No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS +1
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2015-2075 MEDIUM This Month

SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Businessobjects Edge
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-2076 MEDIUM This Month

The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Edge
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2101 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Navigate
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0882 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Zen Cart
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0594 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Lan Management Solution Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy