Skip to main content
CVE-2015-4068 CRITICAL KEV THREAT Emergency

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 80.9%.

Denial Of Service Path Traversal
NVD VulDB
CVSS 3.1
9.1
EPSS
80.9%
Threat
5.7
CVE-2014-9727 CRITICAL POC THREAT Emergency

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 87.8%.

Command Injection Fritz Box
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
87.8%
Threat
6.1
CVE-2015-4031 CRITICAL Emergency

Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.2% and no vendor patch available.

Path Traversal Netcharts Server
NVD
CVSS 2.0
10.0
EPSS
34.2%
CVE-2015-1833 MEDIUM POC PATCH THREAT This Month

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

XXE Apache Jackrabbit
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
31.0%
CVE-2015-4060 CRITICAL Act Now

Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.0% and no vendor patch available.

RCE Buffer Overflow Connectpro
NVD
CVSS 2.0
10.0
EPSS
15.0%
CVE-2015-4059 CRITICAL Act Now

Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.0% and no vendor patch available.

RCE Buffer Overflow Terminal Emulation
NVD
CVSS 2.0
10.0
EPSS
15.0%
CVE-2015-4047 HIGH POC This Week

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Ipsec Tools Ubuntu Linux Fedora +22
NVD
CVSS 2.0
7.8
EPSS
2.7%
CVE-2015-4067 CRITICAL Act Now

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Buffer Overflow Dell Netvault Backup
NVD
CVSS 2.0
10.0
EPSS
10.8%
CVE-2015-4137 HIGH POC This Week

SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Milw0Rm Clone Script
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-4032 CRITICAL Act Now

projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Netcharts Server
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2013-7441 HIGH This Week

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Nbd
NVD GitHub
CVSS 2.0
7.8
EPSS
3.6%
CVE-2015-3904 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Roomcloud
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-0847 HIGH PATCH This Week

nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Nbd
NVD
CVSS 2.0
7.8
EPSS
2.6%
CVE-2015-4069 HIGH This Week

The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arcserve Unified Data Protection
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-0751 HIGH This Week

Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Manager
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2015-0754 HIGH This Week

Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Finesse
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-0753 MEDIUM This Month

SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco SQLi Unified Web And E Mail Interaction Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-0755 MEDIUM This Month

The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0756 MEDIUM This Month

Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller
NVD
CVSS 2.0
6.1
EPSS
0.4%
CVE-2015-0757 MEDIUM This Month

The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine Software
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0752 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Telepresence Video Communication Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3995 MEDIUM This Month

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Hana
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-3994 MEDIUM This Month

The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-0200 LOW PATCH Monitor

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Commerce
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy