Skip to main content
CVE-2014-9566 HIGH POC THREAT Act Now

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.5%.

SQLi Node.js Orion Ip Address Manager Orion Netflow Traffic Analyzer Orion Network Configuration Manager +5
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
77.5%
Threat
5.3
CVE-2015-2183 HIGH POC This Week

Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zeuscart
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
3.9%
CVE-2015-2184 MEDIUM POC THREAT This Month

ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

Information Disclosure Zeuscart
NVD Exploit-DB GitHub
CVSS 2.0
5.0
EPSS
11.5%
CVE-2015-2217 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ultimate Php Board
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8105 MEDIUM This Month

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Fedora
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-0201 MEDIUM PATCH This Month

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Spring Framework
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-8112 MEDIUM This Month

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 389 Directory Server Fedora
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-0271 MEDIUM This Month

The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy