Skip to main content
CVE-2015-4174 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Siemens Climatix Bacnet Ip
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-1485 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Data Loss Prevention
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-6198 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM CSRF Security Network Protection Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1974 MEDIUM PATCH This Month

The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Tivoli Directory Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-5078 MEDIUM This Month

SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Limesurvey
NVD GitHub
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-0126 MEDIUM This Month

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Leads
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-0115 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM CSRF Leads
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2015-1959 MEDIUM PATCH This Month

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

IBM Authentication Bypass Tivoli Directory Server
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-9230 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Data Loss Prevention
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-0989 MEDIUM This Month

PACTware 4.1 SP3 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers an internal error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Pactware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-1978 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Directory Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-1972 MEDIUM PATCH This Month

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Directory Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0118 MEDIUM This Month

IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Message Broker Integration Bus
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0173 MEDIUM PATCH This Month

The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Authentication Bypass Websphere Mq Internet Pass Thru
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1884 MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager Websphere
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2015-2965 MEDIUM This Month

Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Oscommerce
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy