Skip to main content
CVE-2012-4902 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Template Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-3141 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Xeams
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-6691 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP SQLi Oscmax
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4901 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Template Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.8%
CVE-2012-1664 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Oscmax
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-1251 MEDIUM This Month

Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Google Chrome Debian Linux
NVD
CVSS 2.0
6.8
EPSS
4.5%
CVE-2015-1255 MEDIUM This Month

Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Debian Linux
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2015-0740 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Intelligence Center
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8924 MEDIUM PATCH This Month

The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE License Metric Tool Tivoli Asset Discovery For Distributed
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-1254 MEDIUM This Month

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2015-4016 MEDIUM PATCH This Month

The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Steam Client
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-1261 MEDIUM This Month

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Java Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1263 MEDIUM This Month

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Chrome Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-1264 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Chrome Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-3243 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Adobe Seogento
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0189 MEDIUM PATCH This Month

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Websphere Mq
NVD
CVSS 2.0
4.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy