Skip to main content
CVE-2015-8377 MEDIUM POC This Month

SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2015-8317 MEDIUM POC This Month

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Debian Linux Ubuntu Linux Libxml2 Enterprise Linux Desktop +5
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7918 MEDIUM This Month

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.2% and no vendor patch available.

Schneider Electric Buffer Overflow RCE Proclima
NVD
CVSS 2.0
6.8
EPSS
11.2%
CVE-2015-8572 MEDIUM This Month

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Design Review
NVD
CVSS 2.0
6.8
EPSS
8.4%
CVE-2015-8247 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Internet Management Software
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-8561 MEDIUM This Month

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Schneider Electric Buffer Overflow RCE Proclima
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2015-8571 MEDIUM This Month

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Design Review
NVD
CVSS 2.0
6.8
EPSS
3.0%
CVE-2015-6399 MEDIUM This Month

The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Integrated Management Controller Supervisor
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-8241 MEDIUM This Month

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
6.4
EPSS
1.0%
CVE-2015-6359 MEDIUM This Month

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD
CVSS 2.0
6.1
EPSS
0.2%
CVE-2015-8242 MEDIUM This Month

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Libxml2 Icewall Federation Agent Icewall File Manager +9
NVD
CVSS 2.0
5.8
EPSS
1.4%
CVE-2015-7498 MEDIUM This Month

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Icewall Federation Agent Icewall File Manager Ubuntu Linux +6
NVD
CVSS 2.0
5.0
EPSS
3.3%
CVE-2015-7497 MEDIUM This Month

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Ubuntu Linux Libxml2 +6
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2015-7499 MEDIUM PATCH This Month

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Iphone Os Mac Os X Tvos Watchos +11
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2015-7500 MEDIUM This Month

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Icewall Federation Agent Icewall File Manager Libxml2 +10
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-6411 MEDIUM This Month

Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Firewall Management Center
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-4206 MEDIUM This Month

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-6404 MEDIUM This Month

Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Hosted Collaboration Solution
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-5004 MEDIUM This Month

The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy