Skip to main content
CVE-2015-2775 HIGH POC This Week

Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Ubuntu Linux Debian Linux Enterprise Linux Mailman
NVD
CVSS 2.0
7.6
EPSS
3.8%
CVE-2015-2942 HIGH POC PATCH This Week

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Mediawiki
NVD
CVSS 2.0
7.1
EPSS
1.7%
CVE-2015-2846 CRITICAL Act Now

BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Sync
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2014-9714 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Hiphop Virtual Machine
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-2941 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2931 MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0675 HIGH This Week

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
8.3
EPSS
0.2%
CVE-2015-0677 HIGH This Week

The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3),. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2015-2937 HIGH PATCH This Week

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Mediawiki
NVD
CVSS 2.0
7.1
EPSS
2.0%
CVE-2015-2936 HIGH PATCH This Week

MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Mediawiki
NVD
CVSS 2.0
7.1
EPSS
1.9%
CVE-2015-0676 HIGH This Week

The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2015-2940 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Checkuser
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-2935 MEDIUM PATCH This Month

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0840 MEDIUM PATCH This Month

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Debian Authentication Bypass Dpkg Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-2939 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Scribunto
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2938 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2934 MEDIUM PATCH This Month

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2933 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2932 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy