Skip to main content
CVE-2015-4153 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.9%.

Path Traversal WordPress PHP Zm Ajax Login Register
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
45.9%
CVE-2014-8603 MEDIUM POC This Month

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Xcloner
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
6.2%
CVE-2015-4108 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF RCE Wing Ftp Server
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-8604 MEDIUM POC This Month

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Xcloner
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.4%
CVE-2014-8605 MEDIUM POC This Month

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Xcloner
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.7%
CVE-2014-8606 MEDIUM POC This Month

Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Xcloner
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
7.3%
CVE-2015-3923 MEDIUM POC This Month

Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Coppermine Photo Gallery
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1748 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
9.8%
CVE-2015-1739 MEDIUM This Month

Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
8.4%
CVE-2015-4465 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Zm Ajax Login Register
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3935 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Dolibarr
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1758 MEDIUM This Month

Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows Rt +3
NVD
CVSS 2.0
6.9
EPSS
5.4%
CVE-2015-1765 MEDIUM This Month

Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.0% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
17.0%
CVE-2015-1771 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Microsoft Exchange Server
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-1743 MEDIUM PATCH This Month

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
5.1
EPSS
9.8%
CVE-2015-3096 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Adobe CSRF Google Microsoft Air +4
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-3097 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Air Air Sdk +3
NVD
CVSS 2.0
5.0
EPSS
9.2%
CVE-2015-2359 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.1% and no vendor patch available.

XSS Microsoft Exchange Server
NVD
CVSS 2.0
4.3
EPSS
12.1%
CVE-2015-1757 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

XSS Microsoft Active Directory Federation Services
NVD
CVSS 2.0
4.3
EPSS
10.7%
CVE-2015-1764 MEDIUM This Month

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Microsoft Exchange Server
NVD
CVSS 2.0
4.3
EPSS
8.1%
CVE-2015-3102 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Air +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-3099 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Air +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-3098 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Air +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-3108 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Google Information Disclosure Microsoft Flash Player +4
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-4415 MEDIUM This Month

Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Anima Gallery
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3101 MEDIUM PATCH This Month

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Adobe Privilege Escalation Google Microsoft Air +4
NVD
CVSS 2.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy