Skip to main content
CVE-2015-4713 MEDIUM POC This Month

SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hotel Site
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-4590 MEDIUM POC This Month

The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Arduino Json
NVD GitHub
CVSS 2.0
5.0
EPSS
1.0%
CVE-2015-4714 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Dreambox Dm500 S Firmware
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-3237 MEDIUM PATCH This Month

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Curl Libcurl System Management Homepage +2
NVD
CVSS 2.0
6.4
EPSS
5.1%
CVE-2015-3233 MEDIUM PATCH This Month

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Drupal
NVD
CVSS 2.0
5.8
EPSS
4.9%
CVE-2015-3236 MEDIUM PATCH This Month

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Libcurl
NVD
CVSS 2.0
5.0
EPSS
4.5%
CVE-2015-3232 MEDIUM This Month

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Drupal Debian Linux
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2015-3234 MEDIUM PATCH This Month

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Drupal Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0526 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Validation Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-3231 MEDIUM This Month

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Drupal Debian Linux
NVD
CVSS 2.0
4.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy