Skip to main content
CVE-2015-7901 MEDIUM POC PATCH This Month

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Mango Automation
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
7.3%
CVE-2015-7904 MEDIUM POC PATCH This Month

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Mango Automation
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
6.5%
CVE-2015-7902 MEDIUM POC PATCH THREAT This Month

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Information Disclosure Mango Automation
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.4%
CVE-2015-6493 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Mango Automation
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-7900 MEDIUM POC PATCH THREAT This Month

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.8%.

Information Disclosure Mango Automation
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
12.8%
CVE-2015-7903 MEDIUM POC PATCH This Month

SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Mango Automation
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2015-6034 MEDIUM PATCH This Month

EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. Rated medium severity (CVSS 6.9).

Privilege Escalation Network Utility
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-3967 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-6486 MEDIUM PATCH This Month

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Rockwell SQLi Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 2.0
6.5
EPSS
0.1%
CVE-2015-3973 MEDIUM PATCH This Month

Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-7873 MEDIUM PATCH This Month

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Phpmyadmin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-5713 MEDIUM This Month

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Server Spotfire Analytics Platform For Aws
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-3969 MEDIUM PATCH This Month

Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8912 MEDIUM PATCH This Month

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Websphere Portal
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-3970 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Umg 508 Umg 509 Umg 511 Umg 604 +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-6488 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rockwell Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6491 MEDIUM PATCH This Month

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Rockwell Information Disclosure Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-5712 MEDIUM This Month

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Analytics Platform For Aws Spotfire Server
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy