Skip to main content
CVE-2015-5692 HIGH This Week

admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Privilege Escalation Web Gateway
NVD
CVSS 2.0
7.9
EPSS
7.7%
CVE-2015-4307 CRITICAL Act Now

The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Prime Collaboration Provisioning
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-4304 CRITICAL Act Now

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Prime Collaboration Assurance
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-6547 HIGH This Week

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Web Gateway
NVD
CVSS 2.0
8.3
EPSS
3.3%
CVE-2015-5690 HIGH This Week

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Web Gateway
NVD
CVSS 2.0
8.5
EPSS
1.6%
CVE-2015-4306 HIGH This Week

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Prime Collaboration Assurance
NVD
CVSS 2.0
8.5
EPSS
0.4%
CVE-2015-5693 HIGH This Week

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Web Gateway
NVD
CVSS 2.0
7.9
EPSS
3.1%
CVE-2015-6284 HIGH This Week

Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Telepresence Server Software
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2015-5689 MEDIUM This Month

ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Deployment Solution Ghost Solutions Suite
NVD
CVSS 2.0
6.8
EPSS
3.0%
CVE-2015-5637 MEDIUM This Month

The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google 1 1
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5636 MEDIUM This Month

The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Google Reversi
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5635 MEDIUM This Month

The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Google Koritore
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5634 MEDIUM This Month

The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Google Megaphone Music
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5633 MEDIUM This Month

The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Google Auction Camera
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-5632 MEDIUM This Month

The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Google Applican
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-9229 MEDIUM This Month

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Endpoint Protection
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-6299 MEDIUM This Month

SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unity Connection
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-6548 MEDIUM This Month

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Web Gateway
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2015-6301 MEDIUM This Month

The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr Asr 9001 +5
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-6295 MEDIUM This Month

Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 2.0
4.8
EPSS
0.6%
CVE-2014-9228 MEDIUM This Month

sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Protection
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-9227 MEDIUM This Month

Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-5691 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Web Gateway
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-5638 MEDIUM This Month

Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal H20
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-6300 MEDIUM This Month

Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Secure Access Control Server
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-4305 MEDIUM This Month

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Prime Collaboration Assurance
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy