Skip to main content
CVE-2015-7649 CRITICAL PATCH Act Now

Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.9%.

Denial Of Service Adobe Buffer Overflow RCE Shockwave Player
NVD
CVSS 2.0
10.0
EPSS
12.9%
CVE-2015-7901 MEDIUM POC PATCH This Month

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Mango Automation
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
7.3%
CVE-2015-7904 MEDIUM POC PATCH This Month

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Mango Automation
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
6.5%
CVE-2015-7902 MEDIUM POC PATCH THREAT This Month

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Information Disclosure Mango Automation
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.4%
CVE-2015-6493 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Mango Automation
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-7900 MEDIUM POC PATCH THREAT This Month

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.8%.

Information Disclosure Mango Automation
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
12.8%
CVE-2015-7903 MEDIUM POC PATCH This Month

SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Mango Automation
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2015-3972 CRITICAL PATCH Act Now

The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2015-6490 CRITICAL PATCH Act Now

Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Rockwell Buffer Overflow RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2015-6492 HIGH PATCH This Week

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Rockwell Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
10.0%
CVE-2015-6494 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Mango Automation
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
1.3%
CVE-2015-3968 HIGH PATCH This Week

The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-3971 HIGH PATCH This Week

The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-6034 MEDIUM PATCH This Month

EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. Rated medium severity (CVSS 6.9).

Privilege Escalation Network Utility
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-3967 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-6486 MEDIUM PATCH This Month

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Rockwell SQLi Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 2.0
6.5
EPSS
0.1%
CVE-2015-3973 MEDIUM PATCH This Month

Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-7873 MEDIUM PATCH This Month

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-5713 MEDIUM This Month

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Server Spotfire Analytics Platform For Aws
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-3969 MEDIUM PATCH This Month

Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8912 MEDIUM PATCH This Month

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Websphere Portal
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3970 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-6488 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rockwell Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6491 MEDIUM PATCH This Month

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Rockwell Information Disclosure Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-5712 MEDIUM This Month

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-7836 LOW Monitor

Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rugged Operating System
NVD
CVSS 2.0
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy