Skip to main content
CVE-2015-2166 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.6%.

Path Traversal Ericsson Drutt Mobile Service Delivery Platform
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
73.6%
Threat
4.7
CVE-2015-0134 CRITICAL PATCH Act Now

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.3%.

IBM RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
29.3%
CVE-2015-0117 CRITICAL PATCH Act Now

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.8%.

IBM Denial Of Service RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
21.8%
CVE-2015-2824 HIGH POC PATCH THREAT Act Now

Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.8%.

WordPress SQLi PHP Simple Ads Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
11.8%
CVE-2015-0179 HIGH POC PATCH This Week

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Domino
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.7%
CVE-2015-2167 MEDIUM POC This Month

Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Ericsson Open Redirect Drutt Mobile Service Delivery Platform
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-6221 CRITICAL PATCH Act Now

The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Rational Clearcase
NVD
CVSS 2.0
9.4
EPSS
0.6%
CVE-2015-2165 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ericsson Drutt Mobile Service Delivery Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0119 HIGH PATCH This Week

FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Authentication Bypass Tivoli Storage Manager Fastback
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2015-0877 HIGH This Week

Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload C Board Moyuku
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-1893 MEDIUM PATCH This Month

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Privilege Escalation Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1601 MEDIUM PATCH This Month

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-1843 MEDIUM This Month

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Docker Red Hat Information Disclosure
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2015-1890 LOW PATCH Monitor

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure General Parallel File System
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1602 LOW PATCH Monitor

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy