Skip to main content
CVE-2015-5308 HIGH POC This Week

Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wp Championship
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-6031 MEDIUM POC This Month

Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Miniupnpc Debian Linux +3
NVD GitHub
CVSS 2.0
6.8
EPSS
2.8%
CVE-2015-5534 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Oxwall
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-8038 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortinet Fortimanager Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.7%
CVE-2015-8037 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortinet Fortimanager Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.7%
CVE-2015-5470 HIGH PATCH This Week

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative Recursor
NVD
CVSS 2.0
7.8
EPSS
0.0%
CVE-2015-8039 MEDIUM This Month

Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Smartviewer
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2015-5291 MEDIUM This Month

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow
NVD VulDB
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-8040 MEDIUM This Month

The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Smartviewer
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-8036 MEDIUM This Month

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow
NVD VulDB
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-3270 MEDIUM This Month

Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Ambari
NVD
CVSS 2.0
6.5
EPSS
0.8%
CVE-2015-5210 MEDIUM PATCH This Month

Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Apache Ambari
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2015-1775 MEDIUM PATCH This Month

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF Apache Ambari
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2015-3186 LOW Monitor

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Ambari
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy