Skip to main content
CVE-2015-7387 HIGH POC THREAT Act Now

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.7%.

Zoho SQLi Manageengine Eventlog Analyzer
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
81.7%
Threat
5.5
CVE-2015-3203 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

RCE File Upload H5Ai
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
12.4%
CVE-2015-6008 HIGH POC This Week

install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.6%
CVE-2015-7381 HIGH POC This Week

Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
6.2%
CVE-2015-7382 HIGH POC This Week

SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.6%
CVE-2015-6009 HIGH POC This Week

Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Refbase
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.6%
CVE-2015-5279 HIGH Act Now

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu
NVD
CVSS 2.0
7.2
EPSS
10.2%
CVE-2015-6279 HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2015-6278 HIGH This Week

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
7.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy