Skip to main content
CVE-2015-7856 CRITICAL POC Act Now

OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opennms
NVD
CVSS 2.0
10.0
EPSS
1.8%
CVE-2015-7682 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Pie Register
NVD GitHub
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-6003 CRITICAL Act Now

Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Qnap Qts
NVD
CVSS 2.0
9.3
EPSS
1.1%
CVE-2015-7377 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Pie Register
NVD GitHub
CVSS 2.0
4.3
EPSS
5.8%
CVE-2015-7683 MEDIUM POC PATCH This Month

Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal WordPress PHP Font
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-7445 HIGH This Week

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Google Linux Linux Kernel +1
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-6450 HIGH This Week

Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Buffer Overflow Junos
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-6451 HIGH This Week

J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-1814 HIGH PATCH This Week

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-4948 MEDIUM This Month

netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.9). No vendor patch available.

IBM Privilege Escalation Vios Aix
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-5660 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Extplorer
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-1806 MEDIUM PATCH This Month

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins RCE Privilege Escalation Openshift
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-5742 LOW POC Monitor

VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Veeam Backup Replication
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6449 MEDIUM This Month

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-6334 MEDIUM This Month

Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Asr 5000 Software
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-1810 MEDIUM PATCH This Month

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
4.6
EPSS
0.4%
CVE-2015-6333 MEDIUM This Month

Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Application Policy Infrastructure Controller
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-1813 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1812 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Openshift
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1808 LOW PATCH Monitor

Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Jenkins Openshift
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1807 LOW Monitor

Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Jenkins Openshift
NVD
CVSS 2.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy