Skip to main content
CVE-2015-5688 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.1%.

Path Traversal Node.js Geddy
NVD GitHub
CVSS 2.0
5.0
EPSS
81.1%
Threat
4.9
CVE-2014-9605 CRITICAL POC PATCH Act Now

WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Authentication Bypass Netsweeper
NVD Exploit-DB
CVSS 2.0
9.4
EPSS
8.7%
CVE-2015-6811 HIGH POC This Week

SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sophos SQLi Cyberoamos
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.8%
CVE-2015-6259 CRITICAL Act Now

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Integrated Management Controller Supervisor Unified Computing System Director
NVD
CVSS 2.0
9.4
EPSS
1.7%
CVE-2015-4544 CRITICAL Act Now

EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2015-6809 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Bedita
NVD GitHub Exploit-DB
CVSS 2.0
4.3
EPSS
3.5%
CVE-2015-6812 HIGH This Week

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Invision Power Board
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-6810 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Invision Power Board
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.8%
CVE-2015-4538 HIGH This Week

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Atmos
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-5612 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS October
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6808 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Spotlight
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-6807 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact". Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Mass Contact
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy