Skip to main content
CVE-2015-3111 CRITICAL POC THREAT Emergency

Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.4%.

Adobe Buffer Overflow RCE Bridge Photoshop Cc
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
27.4%
Threat
4.3
CVE-2015-3110 CRITICAL POC THREAT Emergency

Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.9%.

Adobe RCE Photoshop Cc Bridge
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
22.9%
Threat
4.2
CVE-2015-3112 CRITICAL POC THREAT Emergency

Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

Denial Of Service Adobe Buffer Overflow RCE Bridge +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
22.2%
Threat
4.2
CVE-2015-5065 MEDIUM POC PATCH THREAT This Month

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%.

Path Traversal WordPress Google PHP Paypal Currency Converter Basic For Woocommerce
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
35.4%
CVE-2015-3109 CRITICAL Act Now

Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Photoshop Cc
NVD
CVSS 2.0
10.0
EPSS
8.6%
CVE-2015-5066 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Genixcms
NVD GitHub Exploit-DB
CVSS 2.0
4.3
EPSS
8.2%
CVE-2015-5062 MEDIUM POC This Month

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Silverstripe
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-2169 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.1%
CVE-2015-4413 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Facebook Connect
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-5064 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Mysql Lite Administrator
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5063 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Silverstripe
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5067 HIGH This Week

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-5068 HIGH This Week

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-4208 HIGH This Week

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Webex Meeting Center
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-5061 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-4211 HIGH This Week

Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Microsoft Anyconnect Secure Mobility Client
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-2308 MEDIUM PATCH This Month

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Symfony
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-4215 MEDIUM This Month

Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Software
NVD
CVSS 2.0
6.1
EPSS
0.5%
CVE-2015-3900 MEDIUM PATCH This Month

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ruby Rubygems Solaris Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
2.4%
CVE-2015-4218 MEDIUM This Month

The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Microsoft Jabber
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-4212 MEDIUM This Month

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4875 MEDIUM This Month

CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Chec
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7397 MEDIUM PATCH This Month

Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Jboss Fuse Async Http Client
NVD GitHub
CVSS 2.0
4.3
EPSS
1.1%
CVE-2013-7398 MEDIUM PATCH This Month

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Async Http Client Jboss Fuse
NVD GitHub
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-4213 MEDIUM This Month

Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nx Os
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2015-4219 MEDIUM This Month

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine Software Secure Access Control System
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-4214 MEDIUM This Month

Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Meetingplace
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy