Skip to main content
CVE-2015-2803 MEDIUM POC PATCH This Month

SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Akronymmanager
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
4.3%
CVE-2015-4414 MEDIUM POC This Month

Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Se Html5 Album Audio Player
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
9.1%
CVE-2015-4336 MEDIUM POC This Month

cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection WordPress PHP Xcloner
NVD
CVSS 2.0
6.5
EPSS
1.5%
CVE-2015-0546 CRITICAL Act Now

EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Unified Infrastructure Manager Provisioning
NVD
CVSS 2.0
10.0
EPSS
3.4%
CVE-2015-3429 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Genericons Debian Linux
NVD GitHub
CVSS 2.0
4.3
EPSS
1.5%
CVE-2012-6692 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Wordpress Seo
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-4342 HIGH PATCH This Week

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Cacti Fedora
NVD
CVSS 2.0
7.5
EPSS
3.8%
CVE-2015-4454 HIGH PATCH This Week

SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Cacti Fedora
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-4337 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Xcloner
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4186 HIGH This Week

The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Virtualization Experience Client 6000 Series Firmware
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-4183 HIGH This Week

Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Unified Computing System
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-4338 MEDIUM This Month

Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP Code Injection Xcloner
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2015-4188 MEDIUM This Month

SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Prime Collaboration
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3316 MEDIUM This Month

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network And Systems Management Client Automation Nsm Job Management Option Universal Job Management Agent +2
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3318 MEDIUM This Month

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Client Automation Network And Systems Management Nsm Job Management Option Universal Job Management Agent +2
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3317 MEDIUM This Month

CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Client Automation Network And Systems Management Nsm Job Management Option Universal Job Management Agent +2
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-4550 MEDIUM This Month

The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-2665 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cacti Fedora
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4190 MEDIUM This Month

Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Prime Service Catalog
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy