Skip to main content
CVE-2015-6967 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.5%.

RCE PHP File Upload Nibbleblog
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
79.5%
Threat
5.2
CVE-2015-6973 MEDIUM POC THREAT This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.1%.

CSRF Openfire
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
16.1%
CVE-2015-3623 MEDIUM POC This Month

XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Qlikview
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
7.4%
CVE-2015-6828 MEDIUM POC This Month

The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE WordPress PHP Security Audit
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6965 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Contact Form Generator
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-6966 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF PHP Nibbleblog
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-6968 MEDIUM POC PATCH This Month

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Serendipity
NVD
CVSS 2.0
6.5
EPSS
0.8%
CVE-2015-6972 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Openfire
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.6%
CVE-2015-6969 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Serendipity
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6929 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Nokia Siemens Vantage Commander
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-5440 MEDIUM This Month

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Universal Configuration Management Database
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2015-5426 MEDIUM This Month

Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Loadrunner
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2136 MEDIUM This Month

HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Logger
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy