Skip to main content
CVE-2015-2838 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Citrix Netscaler
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
4.3%
CVE-2015-2841 MEDIUM POC This Month

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Netscaler
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
4.4%
CVE-2014-8390 MEDIUM POC PATCH This Month

Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. Rated medium severity (CVSS 4.4). Public exploit code available.

Schneider Electric Buffer Overflow Vampset
NVD
CVSS 2.0
4.4
EPSS
0.2%
CVE-2015-2839 MEDIUM POC This Month

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Citrix Netscaler
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2840 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Citrix Netscaler
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5403 MEDIUM This Month

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mednet
NVD GitHub
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-5400 MEDIUM This Month

The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mednet
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0682 MEDIUM This Month

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation RCE Unified Communications Domain Manager
NVD
CVSS 2.0
6.5
EPSS
1.2%
CVE-2015-0684 MEDIUM This Month

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-0993 MEDIUM This Month

Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ignition
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-0686 MEDIUM This Month

The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 2.0
6.3
EPSS
0.8%
CVE-2015-0687 MEDIUM This Month

The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2015-0902 MEDIUM PATCH This Month

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure All In One Seo Pack
NVD
CVSS 2.0
5.0
EPSS
1.7%
CVE-2015-0991 MEDIUM This Month

Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ignition
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-0995 MEDIUM This Month

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ignition
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0990 MEDIUM PATCH This Month

Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Rated medium severity (CVSS 4.4).

Information Disclosure Integraxor
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-0976 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Ignition
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0994 MEDIUM This Month

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ignition
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0683 MEDIUM This Month

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy