Skip to main content
CVE-2015-6004 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

SQLi Whatsup Gold
NVD
CVSS 3.0
6.5
EPSS
11.5%
CVE-2015-6005 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Whatsup Gold
NVD
CVSS 3.0
6.9
EPSS
0.2%
CVE-2015-8252 MEDIUM POC This Month

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Frontel Protocol
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2015-8254 MEDIUM POC This Month

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Frontel Protocol
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2015-6537 CRITICAL Act Now

SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cardio Server
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-6538 CRITICAL Act Now

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cardio Server
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2015-8263 HIGH This Week

NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Wnr1000V3 Firmware Wnr1000V3
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2015-8253 LOW POC Monitor

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Frontel Protocol
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2015-8262 MEDIUM This Month

Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Airstation Extreme N600 Firmware Airstation Extreme N600
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2015-7783 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Let's PHP!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pbbs
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-7665 MEDIUM This Month

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tails
NVD
CVSS 3.0
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy