Skip to main content
CVE-2015-7527 HIGH POC This Week

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Cool Video Gallery
NVD
CVSS 2.0
7.5
EPSS
7.1%
CVE-2015-8327 HIGH Act Now

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via `. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.7% and no vendor patch available.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Server Eus +5
NVD
CVSS 2.0
7.5
EPSS
20.7%
CVE-2015-8369 HIGH POC This Week

SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-4027 HIGH POC This Week

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Web Vulnerability Scanner
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.0%
CVE-2015-8368 MEDIUM POC This Month

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Ntopng
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
3.0%
CVE-2015-8341 HIGH This Week

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2015-8600 HIGH This Week

The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Mobile Platform
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-8338 HIGH This Week

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-5277 HIGH This Week

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +3
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-8601 MEDIUM PATCH This Month

The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Chat Room
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-8339 MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2015-8340 MEDIUM PATCH This Month

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host. Rated medium severity (CVSS 4.7).

Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2015-5204 MEDIUM This Month

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Code Injection Apache Cordova File Transfer
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2015-7518 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Foreman
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-8602 LOW PATCH Monitor

The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Token Insert Entity
NVD
CVSS 2.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy