Skip to main content
CVE-2015-5603 MEDIUM POC THREAT This Month

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.5%.

Java Atlassian RCE Code Injection Hipchat
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
82.5%
Threat
5.3
CVE-2015-7303 CRITICAL Act Now

Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

RCE Management Console
NVD
CVSS 2.0
10.0
EPSS
12.4%
CVE-2015-6923 HIGH POC This Week

The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Satellite Express Protocol
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.6%
CVE-2015-2864 MEDIUM POC PATCH This Month

Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Retrospect Retrospect Client
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-6749 MEDIUM POC This Month

Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Vorbis Tools
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2015-6938 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF Notebook Fedora Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-6238 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Google PHP Google Analyticator
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5993 HIGH This Week

Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Kasda Kw58293 Firmware Speedsurf 504An Firmware
NVD
CVSS 2.0
7.8
EPSS
1.8%
CVE-2015-2915 HIGH PATCH This Week

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Almond Firmware Almond 2015 Firmware
NVD
CVSS 2.0
7.3
EPSS
0.3%
CVE-2015-5991 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Speedsurf 504An Firmware Kasda Kw58293 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-2916 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Almond 2015 Firmware Almond Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-2914 MEDIUM PATCH This Month

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Almond Firmware Almond 2015 Firmware
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-7305 MEDIUM PATCH This Month

The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Scald
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7306 MEDIUM PATCH This Month

The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Cms Updater
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2015-7296 MEDIUM PATCH This Month

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Almond Firmware Almond 2015 Firmware
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-2917 MEDIUM PATCH This Month

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Almond Firmware Almond 2015 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-5992 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Speedsurf 504An Firmware Kasda Kw58293 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-7307 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Cms Updater
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-7304 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Amocrm
NVD
CVSS 2.0
2.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy