Skip to main content
CVE-2015-3113 CRITICAL POC KEV PATCH THREAT Act Now

Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations.

Buffer Overflow Memory Corruption RCE Adobe Microsoft
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.4%
Threat
9.7
CVE-2015-4726 HIGH POC This Week

PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Audioshare
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-4586 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cellpipe 7130 Rg 5Ae M2013 Hol Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4725 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Audioshare
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-4200 HIGH This Week

Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2015-2860 HIGH This Week

Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Avigilon Control Center
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-4882 HIGH This Week

Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Resident Anywhere
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-4204 MEDIUM This Month

Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Cisco Ios
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-4189 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Data Center Analytics Framework
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4209 MEDIUM This Month

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD
CVSS 2.0
6.4
EPSS
0.8%
CVE-2015-2859 MEDIUM PATCH This Month

Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Intel Information Disclosure Epolicy Orchestrator
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-4205 MEDIUM This Month

Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local. Rated medium severity (CVSS 5.7). No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.7
EPSS
0.4%
CVE-2015-4203 MEDIUM This Month

Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Apple Denial Of Service Cisco iOS
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2015-0972 MEDIUM This Month

Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Proctorcache
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-4207 MEDIUM This Month

Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-4210 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meeting Center
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy