Skip to main content
CVE-2015-7765 CRITICAL POC THREAT Emergency

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.7%.

Zoho Information Disclosure Manageengine Opmanager
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
77.7%
Threat
5.6
CVE-2015-7766 CRITICAL POC THREAT Emergency

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.5%.

Zoho Privilege Escalation Manageengine Opmanager
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
77.5%
Threat
5.6
CVE-2015-5922 CRITICAL Act Now

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X Watchos International Components For Unicode
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2015-5887 CRITICAL Act Now

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Microsoft Mac Os X
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2015-5780 CRITICAL Act Now

The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2015-5866 CRITICAL Act Now

IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
9.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy