Skip to main content
CVE-2015-7235 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Cp Reservation Calender
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.6%
CVE-2015-6962 HIGH POC This Week

SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Farol
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-5538 CRITICAL Act Now

Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2015-4040 MEDIUM POC This Month

Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enterprise Manager Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
6.8%
CVE-2015-7233 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

CSRF Open Semantic Framework
NVD
CVSS 2.0
5.1
EPSS
0.1%
CVE-2015-7226 MEDIUM PATCH This Month

The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Administration Views
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7228 MEDIUM PATCH This Month

The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Restful
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7231 MEDIUM PATCH This Month

The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Commerce Commonwealth
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-6672 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-7234 MEDIUM PATCH This Month

The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Open Semantic Framework
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-7229 LOW PATCH Monitor

The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Twitter
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-7230 LOW PATCH Monitor

The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Workbench Email
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-7227 LOW PATCH Monitor

The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Fieldable Panels Panes
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-7232 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Open Semantic Framework
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2015-1319 LOW PATCH Monitor

The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy