Skip to main content
CVE-2015-4050 MEDIUM POC PATCH THREAT This Month

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.2%.

Authentication Bypass Symfony
NVD
CVSS 2.0
4.3
EPSS
76.2%
Threat
4.6
CVE-2014-0999 MEDIUM POC THREAT This Month

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

Information Disclosure Sendio
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
14.5%
CVE-2015-2282 HIGH POC This Week

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE SAP Buffer Overflow Gui +5
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-4161 HIGH POC This Week

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Afaria
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-4160 HIGH POC This Week

SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi SAP Ase Database Platform
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-4159 HIGH POC This Week

SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi SAP Hana Web Based Development Workbench
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-0850 CRITICAL PATCH Act Now

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Fusionforge
NVD
CVSS 2.0
10.0
EPSS
6.7%
CVE-2014-8391 MEDIUM POC This Month

The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sendio
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
9.7%
CVE-2015-2278 MEDIUM POC This Month

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Buffer Overflow Gui Maxdb +4
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-4158 MEDIUM POC This Month

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Java Netweaver Abap Application Server Netweaver Java Application Server
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-4157 MEDIUM POC This Month

SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Content Server
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-2944 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Apache Sling Api Sling Servlets Post
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2015-0759 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco CSRF Headend Digital Broadband Delivery System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1945 MEDIUM PATCH This Month

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-4094 MEDIUM This Month

The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Secret Server
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3982 MEDIUM PATCH This Month

The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-4162 MEDIUM This Month

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Paloalto Pan Os
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-4155 LOW Monitor

GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Parallel
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2015-4156 LOW Monitor

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Opensuse Parallel
NVD
CVSS 2.0
3.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy