Skip to main content
CVE-2015-6908 MEDIUM POC THREAT This Month

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Denial Of Service Openldap Mac Os X
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
70.5%
Threat
4.6
CVE-2015-6912 CRITICAL POC THREAT Emergency

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.7%.

Command Injection Synology Video Station
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
29.7%
Threat
4.4
CVE-2014-9208 CRITICAL POC THREAT Emergency

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.3%.

RCE Buffer Overflow Webaccess
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
22.3%
Threat
4.2
CVE-2014-7216 CRITICAL POC Act Now

Multiple stack-based buffer overflows in Yahoo!. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Messenger
NVD
CVSS 2.0
9.3
EPSS
5.6%
CVE-2015-6914 HIGH POC This Week

Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sitefactory Cms
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-6911 HIGH POC This Week

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Video Station
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-6910 HIGH POC This Week

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology SQLi Video Station
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-6915 HIGH POC This Week

SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Resourcespace
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-6827 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Auto Exchanger
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3964 CRITICAL Act Now

SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webbox Firmware
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2015-6464 HIGH PATCH This Week

The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Mozilla Authentication Bypass Eds 405A Firmware Eds 408A Firmware
NVD
CVSS 2.0
8.5
EPSS
0.2%
CVE-2015-6909 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology File Upload Download Station
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-6920 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Sourceafrica
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6913 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology Download Station
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6584 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Datatables
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-6919 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Googlesearch
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-6465 MEDIUM PATCH This Month

The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Eds 405A Firmware Eds 408A Firmware
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2015-5629 MEDIUM PATCH This Month

The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Apple Privilege Escalation Google Japan Connected Free Wi Fi
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5631 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Pixma Mg7500 Series Inkjet Printer
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-6466 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Eds 405A Firmware Eds 408A Firmware
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-5630 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apple Google Japan Connected Free Wi Fi
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6675 MEDIUM This Month

Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. Rated medium severity (CVSS 4.3). No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rugged Operating System
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-6921 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Zendesk Feedback Tab
NVD
CVSS 2.0
2.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy