Skip to main content
CVE-2015-3205 HIGH POC This Week

libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libmimedir
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.6%
CVE-2015-2805 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Omniswitch Firmware
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-2804 MEDIUM POC This Month

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Omniswitch Firmware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-4606 HIGH PATCH This Week

Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE File Upload Apache Job Fair
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-4607 HIGH PATCH This Week

Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE File Upload Frontend User Upload
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-3395 MEDIUM This Month

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ubuntu Linux Ffmpeg Libav
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-4612 MEDIUM PATCH This Month

SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Faq Frequently Asked Questions
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4611 MEDIUM PATCH This Month

SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Smoelenboek
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4610 MEDIUM PATCH This Month

SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Store Locator
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4609 MEDIUM PATCH This Month

SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wt Directory
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4613 MEDIUM PATCH This Month

SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Developer Log
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-4398 MEDIUM PATCH This Month

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Ctools
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2015-4374 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Webform
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-4608 LOW Monitor

Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Be User Log
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3010 LOW PATCH Monitor

ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ceph Deploy
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy