Skip to main content
CVE-2015-3043 CRITICAL POC KEV PATCH THREAT Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service RCE Adobe +1
NVD Exploit-DB GitHub VulDB
CVSS 3.1
9.8
EPSS
87.4%
Threat
7.6
CVE-2015-1635 CRITICAL POC KEV PATCH THREAT Act Now

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Code Injection Microsoft RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2015-1641 HIGH KEV PATCH THREAT Act Now

Microsoft Word 2007 through 2013 and SharePoint components contain a memory corruption vulnerability in RTF processing that allows remote code execution, heavily exploited by multiple APT groups throughout 2015-2017.

Buffer Overflow Microsoft RCE Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
93.6%
Threat
7.9
CVE-2015-0359 CRITICAL POC PATCH THREAT Act Now

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.6%.

Adobe RCE Microsoft Flash Player
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
88.6%
Threat
6.2
CVE-2015-3042 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.9%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
51.9%
Threat
5.1
CVE-2015-1650 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 60.8% and no vendor patch available.

RCE Denial Of Service Microsoft Office Office Compatibility Pack +4
NVD
CVSS 2.0
9.3
EPSS
60.8%
CVE-2015-1649 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.8% and no vendor patch available.

RCE Denial Of Service Microsoft Office Office Compatibility Pack +4
NVD
CVSS 2.0
9.3
EPSS
54.8%
CVE-2015-1651 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.1% and no vendor patch available.

RCE Denial Of Service Microsoft Office Compatibility Pack Word +1
NVD
CVSS 2.0
9.3
EPSS
53.1%
CVE-2015-1645 CRITICAL Emergency

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 46.0% and no vendor patch available.

RCE Code Injection Microsoft Windows 7 Windows Server 2003 +2
NVD
CVSS 2.0
9.3
EPSS
46.0%
CVE-2015-2113 CRITICAL Act Now

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.2% and no vendor patch available.

HP RCE Easy Tools
NVD
CVSS 2.0
10.0
EPSS
28.2%
CVE-2015-1667 CRITICAL Act Now

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
29.5%
CVE-2015-1666 CRITICAL Act Now

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
29.5%
CVE-2015-1662 CRITICAL Act Now

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
29.5%
CVE-2015-1660 CRITICAL Act Now

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 29.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
29.5%
CVE-2015-1657 CRITICAL Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
27.4%
CVE-2015-1668 CRITICAL Act Now

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.6% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
19.6%
CVE-2015-1665 CRITICAL Act Now

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.6% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
19.6%
CVE-2015-1659 CRITICAL Act Now

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.6% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
19.6%
CVE-2015-1652 CRITICAL Act Now

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.6% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
19.6%
CVE-2015-0349 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.0%.

Adobe RCE Microsoft Flash Player Enterprise Linux Desktop Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
11.0%
CVE-2015-3038 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2015-3039 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
8.7%
CVE-2015-0351 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Opensuse +6
NVD
CVSS 2.0
10.0
EPSS
8.7%
CVE-2014-9145 HIGH POC This Week

Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fiyo Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-2788 CRITICAL Act Now

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Debian Linux Dbd Firebird
NVD
CVSS 2.0
10.0
EPSS
7.8%
CVE-2015-0346 CRITICAL PATCH Act Now

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
7.0%
CVE-2015-0348 CRITICAL PATCH Act Now

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Buffer Overflow RCE Microsoft Enterprise Linux Desktop Supplementary +7
NVD
CVSS 2.0
10.0
EPSS
5.6%
CVE-2015-0356 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2015-3041 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0360 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0355 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0354 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0353 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0352 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0350 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0347 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2014-9488 CRITICAL Act Now

The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Opensuse Less
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-0358 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Opensuse Suse Linux Enterprise Desktop +6
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-1638 MEDIUM This Month

Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Epss exploitation probability 22.7% and no vendor patch available.

Privilege Escalation Information Disclosure Microsoft Windows Server 2012
NVD
CVSS 2.0
5.8
EPSS
22.7%
CVE-2015-1646 MEDIUM This Month

Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 28.1% and no vendor patch available.

Privilege Escalation Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
28.1%
CVE-2015-1648 LOW Monitor

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Epss exploitation probability 34.8% and no vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 2.0
2.6
EPSS
34.8%
CVE-2015-2112 CRITICAL Act Now

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Easy Tools
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2015-2223 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Paloalto Traps
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2014-9146 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2781 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Hotex Billing Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2926 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phptraffica
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1661 MEDIUM This Month

Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.8% and no vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
18.8%
CVE-2015-1644 HIGH PATCH This Week

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
7.2
EPSS
2.8%
CVE-2015-1643 HIGH PATCH This Week

Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
7.2
EPSS
2.3%
CVE-2014-8360 HIGH This Week

Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Glpi
NVD
CVSS 2.0
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy