Skip to main content
CVE-2015-5995 CRITICAL POC THREAT Emergency

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Privilege Escalation Tenda N3 Wireless N150 Medialink Mwn Wapr300N Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.2%
Threat
4.6
CVE-2015-6018 CRITICAL POC THREAT Emergency

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Zyxel Privilege Escalation Pmg5318 B20A Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
22.1%
Threat
4.1
CVE-2015-5996 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Medialink Mwn Wapr300N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-6016 CRITICAL Act Now

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nbg 418N Zynos Firmware Pmg5318 B20A Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2015-5989 CRITICAL Act Now

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gs1900 10Hp Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2015-2874 CRITICAL Act Now

Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wireless Mobile Storage Wireless Plus Mobile Storage Lac9000436U Firmware Lac9000464U Firmware +1
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2015-5988 CRITICAL Act Now

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs1900 10Hp Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2015-7277 CRITICAL Act Now

The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass R10000 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-7280 CRITICAL Act Now

The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wrt300N Dd Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-2876 HIGH This Week

Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Lac9000436U Firmware Lac9000464U Firmware Wireless Mobile Storage +2
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2015-2912 HIGH PATCH This Week

The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Orientdb
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-5990 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gs1900 10Hp Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-7281 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wrt300N Dd Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-7278 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF R10000 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-5987 HIGH This Week

Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gs1900 10Hp Firmware
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2015-6019 HIGH This Week

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Pmg5318 B20A Firmware
NVD
CVSS 3.0
8.5
EPSS
0.4%
CVE-2015-7283 HIGH This Week

The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Authentication Bypass Nbg 418N Firmware
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2015-2895 HIGH This Week

Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Uptime Infrastructure Monitor
NVD
CVSS 3.0
7.3
EPSS
4.4%
CVE-2015-6020 HIGH This Week

ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Privilege Escalation Pmg5318 B20A Firmware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2015-7284 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Zyxel Nbg 418N Firmware Nbg 418N
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2015-2875 HIGH This Week

Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Goflex Sattelite Wireless Mobile Storage Wireless Plus Mobile Storage Lac9000436U Firmware +1
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-3260 HIGH This Week

Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure 1000 Ccu Gms Rtu Gms
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-1947 HIGH This Week

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Infosphere Biginsights
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2015-5994 MEDIUM This Month

The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Medialink Mwn Wapr300N Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2015-2918 MEDIUM PATCH This Month

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Orientdb
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-6017 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel P 660Hw T1 V2 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2015-2913 MEDIUM PATCH This Month

server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Orientdb
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
CVE-2015-7282 MEDIUM This Month

ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrt300N Dd Firmware Wrt300N Dd
NVD
CVSS 3.0
5.8
EPSS
0.5%
CVE-2015-2894 MEDIUM This Month

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Uptime Infrastructure Monitor
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2015-7279 MEDIUM This Month

Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure R10000 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2015-7447 MEDIUM This Month

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-2896 MEDIUM This Month

The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uptime Infrastructure Monitor
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2014-4876 LOW Monitor

Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure 4690 Operating System
NVD
CVSS 3.0
3.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy