Skip to main content
CVE-2015-4050 MEDIUM POC PATCH THREAT This Month

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.2%.

Authentication Bypass Symfony
NVD
CVSS 2.0
4.3
EPSS
76.2%
Threat
4.6
CVE-2014-0999 MEDIUM POC THREAT This Month

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

Information Disclosure Sendio
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
14.5%
CVE-2014-8391 MEDIUM POC This Month

The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sendio
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
9.7%
CVE-2015-2278 MEDIUM POC This Month

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Buffer Overflow Gui Maxdb +4
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-4158 MEDIUM POC This Month

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Java Netweaver Abap Application Server Netweaver Java Application Server
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-4157 MEDIUM POC This Month

SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SAP Content Server
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-2944 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Apache Sling Api Sling Servlets Post
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2015-0759 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco CSRF Headend Digital Broadband Delivery System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1945 MEDIUM PATCH This Month

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-4094 MEDIUM This Month

The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Secret Server
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3982 MEDIUM PATCH This Month

The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-4162 MEDIUM This Month

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Paloalto Pan Os
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy