Skip to main content
CVE-2015-6967 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.5%.

RCE PHP File Upload Nibbleblog
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
79.5%
Threat
5.2
CVE-2015-6973 MEDIUM POC THREAT This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.1%.

CSRF Openfire
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
16.1%
CVE-2014-8778 CRITICAL POC Act Now

Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cxsast
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2015-3623 MEDIUM POC This Month

XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Qlikview
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
7.4%
CVE-2015-6829 HIGH POC This Week

Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wp Limit Login Attempts
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-5465 HIGH POC This Week

Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Windows Vga Display Manager
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.6%
CVE-2015-6828 MEDIUM POC This Month

The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE WordPress PHP Security Audit
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6965 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Contact Form Generator
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-6966 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF PHP Nibbleblog
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-6968 MEDIUM POC PATCH This Month

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Serendipity
NVD
CVSS 2.0
6.5
EPSS
0.8%
CVE-2015-6972 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.6%
CVE-2015-6969 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Serendipity
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6929 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Nokia Siemens Vantage Commander
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1173 HIGH This Week

Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teta Web
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-5440 MEDIUM This Month

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Universal Configuration Management Database
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2015-5426 MEDIUM This Month

Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Loadrunner
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2136 MEDIUM This Month

HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Logger
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-5956 LOW PATCH Monitor

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Typo3
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy