Skip to main content
CVE-2015-1487 MEDIUM POC THREAT This Month

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.2%.

Information Disclosure Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
51.2%
Threat
4.1
CVE-2015-4289 MEDIUM This Month

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2015-1491 MEDIUM This Month

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

SQLi Endpoint Protection Manager
NVD
CVSS 2.0
6.0
EPSS
1.0%
CVE-2015-2890 MEDIUM This Month

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Bios
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2015-1490 MEDIUM This Month

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 2.0
5.5
EPSS
2.3%
CVE-2015-2870 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Bf 630 Bf 630W Bf 660C
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-4292 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Central For Hosted Collaboration Solution Assurance
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4294 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager Im And Presence Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1488 MEDIUM This Month

An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-4295 MEDIUM This Month

The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy