Skip to main content
CVE-2015-2805 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Omniswitch Firmware
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-2804 MEDIUM POC This Month

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Omniswitch Firmware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3395 MEDIUM This Month

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ubuntu Linux Ffmpeg Libav
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-4612 MEDIUM PATCH This Month

SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Faq Frequently Asked Questions
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4611 MEDIUM PATCH This Month

SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Smoelenboek
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4610 MEDIUM PATCH This Month

SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Store Locator
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4609 MEDIUM PATCH This Month

SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wt Directory
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-4613 MEDIUM PATCH This Month

SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Developer Log
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-4398 MEDIUM PATCH This Month

Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Ctools
NVD
CVSS 2.0
5.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy