Skip to main content
CVE-2015-2701 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cs Cart
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-9711 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Triton Ap Web Triton Web Filter Triton Web Security Triton Web Security Gateway +1
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-2703 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Triton Ap Web V Series Appliances
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-2702 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Triton Ap Data Triton Ap Email Triton Ap Web V Series Appliances
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8925 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Rational Clearquest
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0295 MEDIUM This Month

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fedora Opensuse Qt
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2015-2316 MEDIUM PATCH This Month

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Solaris Django Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
2.0%
CVE-2015-2317 MEDIUM PATCH This Month

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Debian Linux Fedora Opensuse +3
NVD
CVSS 2.0
4.3
EPSS
4.3%
CVE-2015-0138 MEDIUM PATCH This Month

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Information Disclosure Tivoli Directory Server
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-2559 LOW Monitor

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Debian Linux Drupal
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-8923 LOW PATCH Monitor

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows,. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Security Identity Manager Active Directory Adapter Tivoli Identity Manager Active Directory Adapter
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-6134 LOW PATCH Monitor

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation. Rated low severity (CVSS 1.2). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Installation Manager Rational Clearcase
NVD
CVSS 2.0
1.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy