Skip to main content
CVE-2015-7603 HIGH POC THREAT Act Now

Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.8%.

Path Traversal Ftp Utility
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
72.8%
Threat
5.2
CVE-2015-7602 HIGH POC THREAT Act Now

Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.6%.

Path Traversal Bisonftp
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
52.6%
Threat
4.6
CVE-2015-7601 HIGH POC THREAT Act Now

Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.6%.

Path Traversal Pcman S Ftp Server
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
52.6%
Threat
4.6
CVE-2015-5074 HIGH POC PATCH THREAT Act Now

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

RCE PHP X2Crm
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
11.2%
CVE-2015-5075 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP X2Crm
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-5076 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP X2Crm
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-7319 HIGH PATCH This Week

SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi PHP Appointment Booking Calendar
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-7337 MEDIUM PATCH This Month

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Notebook
NVD GitHub
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-0852 MEDIUM PATCH This Month

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Freeimage
NVD
CVSS 2.0
5.0
EPSS
2.2%
CVE-2015-5442 MEDIUM This Month

Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Software Update
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-7604 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Splunk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-7320 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress PHP Appointment Booking Calendar
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0299 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Source Point Of Sale
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-5711 MEDIUM This Month

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Managed File Transfer Internet Server Vault Managed File Transfer Command Center +1
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy