Skip to main content
CVE-2015-7912 CRITICAL PATCH Act Now

The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Java Aggregate
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2015-7289 CRITICAL Act Now

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Na Model 862 Gw Mono Firmware
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2015-7913 HIGH PATCH This Week

ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Java Apache Aggregate
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-6376 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Telepresence Video Communication Server Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-7291 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Na Model 862 Gw Mono Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-7290 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Na Model 862 Gw Mono Firmware
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-7777 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Void
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-6375 LOW Monitor

The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy