Skip to main content
CVE-2015-1397 MEDIUM POC THREAT This Month

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe SQLi Magento
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
71.5%
Threat
4.9
CVE-2015-1398 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.0%.

Path Traversal Adobe PHP Magento
NVD
CVSS 2.0
6.5
EPSS
29.0%
CVE-2015-3459 CRITICAL Act Now

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.7% and no vendor patch available.

Privilege Escalation Lifecare Pcainfusion Firmware Lifecare Pca3 Lifecare Pca5
NVD
CVSS 2.0
10.0
EPSS
17.7%
CVE-2015-3026 MEDIUM POC THREAT This Month

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service Icecast Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
15.3%
CVE-2015-1399 MEDIUM POC PATCH This Month

PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe RCE PHP Code Injection Magento
NVD
CVSS 2.0
6.5
EPSS
4.4%
CVE-2015-3458 MEDIUM POC PATCH This Month

The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe PHP Privilege Escalation Magento
NVD
CVSS 2.0
6.5
EPSS
2.1%
CVE-2015-3447 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell Sonicos
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1321 MEDIUM This Month

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Ubuntu Linux Oxide
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-0709 MEDIUM This Month

Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-3457 MEDIUM PATCH This Month

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Adobe Authentication Bypass Magento
NVD
CVSS 2.0
5.0
EPSS
9.0%
CVE-2015-0710 MEDIUM This Month

The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 2.0
6.1
EPSS
0.2%
CVE-2015-0708 MEDIUM This Month

Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe iOS
NVD
CVSS 2.0
6.1
EPSS
0.2%
CVE-2015-0711 MEDIUM This Month

The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Staros
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-1322 MEDIUM This Month

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Canonical Ubuntu Ubuntu Linux Network Manager
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2015-3448 LOW PATCH Monitor

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rest Client
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy