Skip to main content
CVE-2015-5254 CRITICAL PATCH Act Now

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 80.4%.

RCE Java Apache Openshift Activemq +1
NVD
CVSS 3.0
9.8
EPSS
80.4%
Threat
4.4
CVE-2015-8612 HIGH POC THREAT Act Now

The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.1%.

Privilege Escalation Blueman
NVD GitHub Exploit-DB
CVSS 3.0
8.4
EPSS
23.1%
CVE-2015-4694 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.5%.

Path Traversal WordPress PHP Zip Attachments
NVD
CVSS 3.0
8.6
EPSS
32.5%
Threat
4.2
CVE-2015-5259 HIGH Act Now

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.3% and no vendor patch available.

RCE Buffer Overflow Apache Subversion
NVD
CVSS 3.0
8.6
EPSS
34.3%
CVE-2015-8668 CRITICAL POC Act Now

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE Libtiff +5
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2015-8261 CRITICAL POC Act Now

The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Whatsup Gold
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.4%
CVE-2015-7554 CRITICAL POC Act Now

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2015-7512 CRITICAL Act Now

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu Enterprise Linux Desktop +7
NVD
CVSS 3.1
9.0
EPSS
21.1%
CVE-2014-8886 HIGH POC This Week

AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Fritz Os
NVD
CVSS 3.0
8.1
EPSS
4.5%
CVE-2016-1499 HIGH POC This Week

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Information Disclosure Owncloud Owncloud Server
NVD
CVSS 3.0
8.5
EPSS
0.5%
CVE-2015-6856 HIGH POC This Week

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Pre Boot Authentication Driver
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8597 HIGH POC This Week

Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Proxysg Advanced Secure Gateway
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2015-7541 CRITICAL PATCH Act Now

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection RCE Colorscore
NVD GitHub
CVSS 3.0
10.0
EPSS
1.3%
CVE-2015-8766 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Symphony
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8376 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symphony
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-8557 CRITICAL PATCH Act Now

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Ubuntu Linux Pygments
NVD
CVSS 3.0
9.0
EPSS
5.7%
CVE-2014-7151 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Nex Forms Lite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-8753 CRITICAL Act Now

SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SAP Afaria
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2015-8761 CRITICAL PATCH Act Now

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Values
NVD
CVSS 3.0
9.0
EPSS
0.3%
CVE-2015-8765 HIGH This Week

Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel RCE Java Apache Epolicy Orchestrator
NVD
CVSS 3.0
8.3
EPSS
2.3%
CVE-2015-6862 HIGH PATCH This Week

HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ucmdb Browser
NVD
CVSS 3.0
8.4
EPSS
0.5%
CVE-2015-7754 HIGH This Week

Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper RCE Denial Of Service Screenos
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2016-1131 HIGH This Week

Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote attackers to execute arbitrary code via a crafted string. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Dx Library
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2015-8547 HIGH PATCH This Week

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quassel Leap Opensuse
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2015-7362 HIGH This Week

Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Forticlient
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-8754 HIGH PATCH This Week

The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Mollom
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-6433 MEDIUM This Month

SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2014-6444 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Titan Framework
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8757 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Typo3
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8760 MEDIUM PATCH This Month

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing.". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Typo3
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1498 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Owncloud Owncloud Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-6434 MEDIUM This Month

Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Infrastructure
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1565 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Field Group
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-8226 MEDIUM This Month

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ale Firmware Gem 703L Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8225 MEDIUM This Month

The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ale Firmware Gem 703L Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8758 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typo3
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8755 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Typo3
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8759 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Typo3
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8756 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Typo3
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8615 MEDIUM This Month

The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2015-7328 MEDIUM This Month

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2016-1501 MEDIUM This Month

ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Owncloud Owncloud Server
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-8303 MEDIUM This Month

Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Document Security Management
NVD
CVSS 3.0
4.0
EPSS
0.0%
CVE-2015-7519 LOW PATCH Monitor

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Phusion Passenger
NVD GitHub
CVSS 3.0
3.7
EPSS
0.4%
CVE-2015-7758 LOW Monitor

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse Gummi
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2015-8481 LOW Monitor

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Atlassian Information Disclosure Jira Core Jira Server Jira Service Desk
NVD
CVSS 3.0
3.1
EPSS
0.4%
CVE-2016-1500 LOW Monitor

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner,. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Owncloud Owncloud Server
NVD
CVSS 3.0
3.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy