Skip to main content
CVE-2015-5453 MEDIUM POC THREAT This Month

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Command Injection Watchguard Xcs
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
72.5%
Threat
5.0
CVE-2015-5461 MEDIUM POC PATCH THREAT This Month

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

WordPress PHP Open Redirect Stageshow
NVD
CVSS 2.0
6.4
EPSS
17.8%
CVE-2015-4616 MEDIUM POC THREAT This Month

Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Path Traversal WordPress PHP Easy2Map
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2015-5458 MEDIUM POC This Month

Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Pivotx
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-5459 MEDIUM POC PATCH This Month

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Zoho SQLi Manageengine Password Manager Pro
NVD
CVSS 2.0
6.5
EPSS
0.8%
CVE-2015-5460 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Snorby
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-5454 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Nucleus Cms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-5456 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Pivotx
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-5455 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS X Cart
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-4242 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Firesight System Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4241 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
6.1
EPSS
0.4%
CVE-2015-4243 MEDIUM This Month

The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2014-8175 MEDIUM This Month

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Jboss Fuse
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2015-4240 MEDIUM This Month

Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ip Communicator
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9741 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Arcgis For Desktop Arcgis For Engine Arcgis Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1796 MEDIUM PATCH This Month

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Identity Provider Opensaml Java
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy