Skip to main content
CVE-2015-3306 CRITICAL POC THREAT Emergency

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.7%.

Authentication Bypass Proftpd
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
93.7%
Threat
6.3
CVE-2014-8383 CRITICAL POC Act Now

The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass In3128Hd Firmware
NVD
CVSS 2.0
10.0
EPSS
4.5%
CVE-2014-8384 CRITICAL POC Act Now

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure In3128Hd Firmware
NVD
CVSS 2.0
9.4
EPSS
1.1%
CVE-2015-2667 HIGH POC This Week

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gns3
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-0278 CRITICAL PATCH Act Now

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fedora Libuv Node Js
NVD GitHub
CVSS 2.0
10.0
EPSS
1.6%
CVE-2015-2346 MEDIUM POC This Month

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Huawei Seq Analyst
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-1868 HIGH This Week

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Fedora Recursor
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-3629 HIGH PATCH This Week

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer Opensuse
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2015-3630 HIGH PATCH This Week

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Privilege Escalation
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3627 HIGH PATCH This Week

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-2704 MEDIUM This Month

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Realmd
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3455 LOW Monitor

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Linux Solaris Squid Fedora
NVD
CVSS 2.0
2.6
EPSS
6.5%
CVE-2015-3631 LOW PATCH Monitor

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity.

Docker Privilege Escalation
NVD
CVSS 2.0
3.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy