Skip to main content
CVE-2015-2208 HIGH POC THREAT Act Now

The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.1%.

Command Injection PHP Phpmoadmin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
88.1%
Threat
5.6
CVE-2015-0525 HIGH POC This Week

The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Secure Remote Services
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2015-2237 HIGH POC This Week

Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Betster
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-0524 HIGH POC This Week

SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Secure Remote Services
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-2285 HIGH POC This Week

The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ubuntu Upstart Vivid
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.7%
CVE-2015-2275 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.0%.

XSS PHP Community Gallery
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.0%
CVE-2015-1061 CRITICAL Act Now

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Apple Code Injection Tvos Iphone Os +1
NVD
CVSS 2.0
9.3
EPSS
5.4%
CVE-2015-1066 CRITICAL Act Now

Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2015-2241 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Django
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0523 HIGH This Week

EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Rsa Certificate Manager Rsa Registration Manager
NVD
CVSS 2.0
7.8
EPSS
1.3%
CVE-2015-1063 HIGH This Week

CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2015-2151 HIGH PATCH This Week

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Denial Of Service RCE Privilege Escalation Buffer Overflow Fedora +2
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-1065 MEDIUM This Month

Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data. Rated medium severity (CVSS 5.4). No vendor patch available.

Apple Buffer Overflow RCE Mac Os X Iphone Os
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2015-1062 MEDIUM This Month

MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-2150 MEDIUM This Month

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Linux Ubuntu Xen +1
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-0522 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Certificate Manager Rsa Registration Manager
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-0521 LOW Monitor

Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Certificate Manager Rsa Registration Manager
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-2044 LOW Monitor

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2045 LOW PATCH Monitor

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1064 LOW Monitor

Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy