Skip to main content
CVE-2015-0550 HIGH This Week

Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Documentum Thumbnail Server
NVD
CVSS 2.0
8.5
EPSS
4.0%
CVE-2015-4174 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Siemens Climatix Bacnet Ip
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-1485 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Data Loss Prevention
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-6198 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM CSRF Security Network Protection Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1974 MEDIUM PATCH This Month

The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Tivoli Directory Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-5078 MEDIUM This Month

SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Limesurvey
NVD GitHub
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-0126 MEDIUM This Month

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Leads
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-0115 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM CSRF Leads
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-1959 MEDIUM PATCH This Month

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

IBM Authentication Bypass Tivoli Directory Server
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-9230 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Data Loss Prevention
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-0989 MEDIUM This Month

PACTware 4.1 SP3 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers an internal error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Pactware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-1978 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Directory Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-1972 MEDIUM PATCH This Month

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Directory Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0118 MEDIUM This Month

IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0173 MEDIUM PATCH This Month

The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Authentication Bypass Websphere Mq Internet Pass Thru
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1884 MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager Websphere
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2015-2965 MEDIUM This Month

Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Oscommerce
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-0116 LOW PATCH Monitor

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM CSRF Leads
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0131 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Leads
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0549 LOW Monitor

Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Documentum D2
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0127 LOW Monitor

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Leads
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2014-4768 LOW Monitor

IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Uefi
NVD
CVSS 2.0
2.1
EPSS
0.4%
CVE-2015-1981 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

IBM XSS Domino
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2015-2019 LOW PATCH Monitor

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Information Disclosure Tivoli Directory Server
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1901 LOW PATCH Monitor

The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy