Skip to main content
CVE-2015-5400 MEDIUM POC THREAT This Month

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.8%.

Privilege Escalation Fedora Debian Linux Squid
NVD
CVSS 2.0
6.8
EPSS
19.8%
CVE-2015-6928 MEDIUM POC PATCH This Month

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Cubecart
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-5185 MEDIUM POC This Month

The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensuse Sblim Sfcb
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-6806 MEDIUM POC This Month

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gnu Screen
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-1781 MEDIUM This Month

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Linux Enterprise Desktop +4
NVD
CVSS 2.0
6.8
EPSS
7.3%
CVE-2014-9202 MEDIUM This Month

Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long. Rated medium severity (CVSS 6.9). No vendor patch available.

RCE Buffer Overflow Webaccess
NVD
CVSS 2.0
6.9
EPSS
0.5%
CVE-2015-6007 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Refbase
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-5703 MEDIUM This Month

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Open Xchange Ox Guard
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-6307 MEDIUM This Month

Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2015-6012 MEDIUM This Month

Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Refbase
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2015-6463 MEDIUM PATCH This Month

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service XXE Hart Comm Dtm
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-6011 MEDIUM This Month

Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Code Injection Refbase
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-5372 MEDIUM This Month

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nevisauth
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7383 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Refbase
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-6010 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Refbase
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-5375 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy