Skip to main content
CVE-2015-1874 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF WordPress PHP Contact Form Db
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-2063 MEDIUM POC This Month

Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a small file header in an ace archive, which triggers a buffer overflow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Unace
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-2095 MEDIUM This Month

Heap-based buffer overflow in the SetConnectInfo function in the WESPPTZ.WESPPTZCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via crafted arguments. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Edvr Manager
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-2093 MEDIUM This Month

Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Webeyeaudio
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-1220 MEDIUM This Month

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +3
NVD
CVSS 2.0
6.8
EPSS
3.1%
CVE-2015-2096 MEDIUM This Month

Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Edvr Manager
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2015-1464 MEDIUM This Month

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Request Tracker
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-1224 MEDIUM This Month

The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
5.0
EPSS
4.1%
CVE-2015-2206 MEDIUM This Month

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Information Disclosure Fedora Phpmyadmin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-1225 MEDIUM This Month

PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-1165 MEDIUM This Month

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Fedora Request Tracker
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9689 MEDIUM This Month

content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1229 MEDIUM This Month

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Code Injection Ubuntu Linux Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1226 MEDIUM This Month

The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-2239 MEDIUM This Month

Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2244 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Webshop Hun
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy