Skip to main content
CVE-2015-5119 CRITICAL POC KEV PATCH THREAT Act Now

Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16.

Buffer Overflow Memory Corruption Denial Of Service RCE Adobe +2
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.2%
Threat
9.8
CVE-2015-5453 MEDIUM POC THREAT This Month

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Command Injection Watchguard Xcs
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
72.5%
Threat
5.0
CVE-2015-5452 HIGH POC THREAT Act Now

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Watchguard SQLi Xcs
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
36.7%
Threat
4.1
CVE-2015-5461 MEDIUM POC PATCH THREAT This Month

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

WordPress PHP Open Redirect Stageshow
NVD
CVSS 2.0
6.4
EPSS
17.8%
CVE-2015-4620 HIGH Act Now

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 27.2% and no vendor patch available.

Denial Of Service Bind
NVD
CVSS 2.0
7.8
EPSS
27.2%
CVE-2015-4614 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Easy2Map
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
5.6%
CVE-2015-2866 HIGH POC This Week

SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gxv3611 Hd Firmware
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.6%
CVE-2015-5457 HIGH POC This Week

PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Pivotx
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2015-4616 MEDIUM POC THREAT This Month

Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Path Traversal WordPress PHP Easy2Map
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2015-5458 MEDIUM POC This Month

Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Pivotx
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-5459 MEDIUM POC PATCH This Month

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Zoho SQLi Manageengine Password Manager Pro
NVD
CVSS 2.0
6.5
EPSS
0.8%
CVE-2015-5460 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Snorby
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-5454 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Nucleus Cms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-5456 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Pivotx
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-5455 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS X Cart
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-4242 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Firesight System Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4241 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
6.1
EPSS
0.4%
CVE-2015-4243 MEDIUM This Month

The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2014-8175 MEDIUM This Month

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Jboss Fuse
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2015-4240 MEDIUM This Month

Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ip Communicator
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9741 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Arcgis For Desktop Arcgis For Engine Arcgis Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1796 MEDIUM PATCH This Month

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Identity Provider Opensaml Java
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy