Skip to main content
CVE-2015-5082 CRITICAL POC THREAT Emergency

Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.7%.

Command Injection Endian Firewall
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
86.7%
Threat
6.1
CVE-2015-7387 HIGH POC THREAT Act Now

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.7%.

Zoho SQLi Manageengine Eventlog Analyzer
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
81.7%
Threat
5.5
CVE-2015-5400 MEDIUM POC THREAT This Month

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.8%.

Privilege Escalation Fedora Debian Linux Squid
NVD
CVSS 2.0
6.8
EPSS
19.8%
CVE-2015-5957 CRITICAL POC PATCH Act Now

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Opensuse Remind
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2015-3203 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

RCE File Upload H5Ai
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
12.4%
CVE-2015-6008 HIGH POC This Week

install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.6%
CVE-2015-7381 HIGH POC This Week

Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
6.2%
CVE-2015-7382 HIGH POC This Week

SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.6%
CVE-2015-6009 HIGH POC This Week

Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.6%
CVE-2015-6928 MEDIUM POC PATCH This Month

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Cubecart
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6280 CRITICAL Act Now

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Authentication Bypass iOS Ios Xe
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2015-5279 HIGH Act Now

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.2
EPSS
10.2%
CVE-2015-5185 MEDIUM POC This Month

The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensuse Sblim Sfcb
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-3974 CRITICAL Act Now

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Honeywell Authentication Bypass Easyio 30P Sf Firmware Easyio 30P Sf
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2015-6806 MEDIUM POC This Month

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gnu Screen
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-1781 MEDIUM This Month

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Linux Enterprise Desktop +4
NVD
CVSS 2.0
6.8
EPSS
7.3%
CVE-2015-6279 HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-6278 HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-6927 LOW POC PATCH Monitor

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Vzctl
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2015-7386 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Gallery Photo Albums Portfolio
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2014-9202 MEDIUM This Month

Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long. Rated medium severity (CVSS 6.9). No vendor patch available.

RCE Buffer Overflow Webaccess
NVD
CVSS 2.0
6.9
EPSS
0.5%
CVE-2015-6007 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Refbase
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-5703 MEDIUM This Month

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Open Xchange Ox Guard
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-6307 MEDIUM This Month

Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-6012 MEDIUM This Month

Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Refbase
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2015-6463 MEDIUM PATCH This Month

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service XXE Hart Comm Dtm
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-6011 MEDIUM This Month

Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Code Injection Refbase
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-5372 MEDIUM This Month

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nevisauth
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7383 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Refbase
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-6010 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Refbase
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-5375 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy