Skip to main content
CVE-2015-7297 HIGH POC THREAT Act Now

SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.6%.

SQLi Joomla
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
91.6%
Threat
5.7
CVE-2015-7857 HIGH POC THREAT Act Now

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%.

PHP SQLi Joomla
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
72.2%
Threat
5.2
CVE-2015-7858 HIGH POC THREAT Act Now

SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.1%.

SQLi Joomla
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
69.1%
Threat
5.1
CVE-2015-2901 MEDIUM This Month

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 23.3% and no vendor patch available.

RCE Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
23.3%
CVE-2015-2898 MEDIUM This Month

Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 23.3% and no vendor patch available.

RCE Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
23.3%
CVE-2015-6006 HIGH Act Now

The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.7% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Medcin Engine
NVD
CVSS 2.0
7.5
EPSS
18.7%
CVE-2015-2900 MEDIUM This Month

The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.3% and no vendor patch available.

Denial Of Service Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
18.3%
CVE-2015-5285 MEDIUM POC PATCH This Month

CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Kallithea
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
5.3%
CVE-2015-2899 MEDIUM This Month

Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Medcin Engine
NVD
CVSS 2.0
6.8
EPSS
6.9%
CVE-2015-5040 HIGH PATCH This Week

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service RCE Buffer Overflow Domino
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-4994 HIGH PATCH This Week

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service RCE Buffer Overflow Domino
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-3230 HIGH PATCH This Week

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure 389 Directory Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-5668 HIGH This Week

SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Enisys Gw
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-5292 MEDIUM This Month

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sssd
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-4997 MEDIUM PATCH This Month

IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Privilege Escalation Websphere Portal
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-5669 MEDIUM This Month

Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Enisys Gw
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2015-7713 MEDIUM PATCH This Month

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nova
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-5955 MEDIUM This Month

ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Owncloud Client
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-5671 MEDIUM This Month

Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enisys Gw
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7859 MEDIUM This Month

The com_contenthistory component in Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-7899 MEDIUM This Month

The com_content component in Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-5670 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Enisys Gw
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy