Skip to main content
CVE-2015-7299 HIGH POC This Week

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft K2 Blackpearl K2 For Sharepoint K2 Smartforms
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-4868 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
7.6
EPSS
3.9%
CVE-2015-4717 HIGH This Week

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PHP Owncloud Owncloud Server
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2015-4795 HIGH This Week

Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Industry Applications
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-7876 HIGH PATCH This Week

The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Microsoft Drupal 7 Driver For Sql Server And Sql Azure
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-4873 HIGH PATCH This Week

Unspecified vulnerability in the Database Scheduler component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Database Server
NVD
CVSS 2.0
7.2
EPSS
0.3%
CVE-2015-4819 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL Linux Solaris +11
NVD
CVSS 2.0
7.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy