Skip to main content
CVE-2015-2845 CRITICAL POC THREAT Emergency

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 87.5%.

Command Injection PHP Goadmin Ce
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
87.5%
Threat
6.1
CVE-2015-2843 HIGH POC THREAT Act Now

Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.0%.

PHP SQLi Goadmin Ce
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
80.0%
Threat
5.4
CVE-2015-2842 CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.9%.

RCE PHP File Upload Goadmin Ce
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
43.9%
Threat
4.8
CVE-2015-2844 CRITICAL POC THREAT Emergency

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.1%.

Command Injection PHP Goadmin Ce
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
39.1%
Threat
4.7
CVE-2015-1880 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 59.4%.

XSS Fortinet Fortios
NVD
CVSS 2.0
4.3
EPSS
59.4%
Threat
4.1
CVE-2015-2219 HIGH POC THREAT Act Now

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Privilege Escalation Lenovo System Update
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
29.6%
CVE-2015-3622 MEDIUM POC This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Fedora Libtasn1
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2015-3620 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortinet Fortimanager Firmware Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-2233 HIGH This Week

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo System Update
NVD
CVSS 2.0
8.3
EPSS
0.1%
CVE-2015-1860 MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Fedora Qt
NVD
CVSS 2.0
6.8
EPSS
6.4%
CVE-2015-2829 HIGH PATCH This Week

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
7.8
EPSS
1.3%
CVE-2015-1859 MEDIUM PATCH This Month

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Fedora Qt
NVD
CVSS 2.0
6.8
EPSS
4.4%
CVE-2015-3979 HIGH This Week

Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Customer Relationship Management
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-3980 HIGH This Week

SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Customer Relationship Management
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-1858 MEDIUM PATCH This Month

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Qt Fedora
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2015-2234 MEDIUM This Month

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Lenovo System Update
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-3451 MEDIUM This Month

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Xml Libxml Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2015-2221 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-2668 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-2222 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-2170 MEDIUM PATCH This Month

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-3981 MEDIUM This Month

SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Rfc Sdk
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8616 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortios
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8619 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8618 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortiadc Firmware Fortiadc 1500D Fortiadc 2000D +3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9326 MEDIUM This Month

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Big Ip Application Acceleration Manager Big Ip Policy Enforcement Manager Big Ip Policy Enforcement Manager11 5 1 Big Ip Global Traffic Manager +6
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-3646 MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone Solaris
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-3978 LOW Monitor

SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Sybase Unwired Platform Online Data Proxy
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy