Skip to main content
CVE-2015-5471 MEDIUM POC PATCH THREAT This Month

Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.0%.

Path Traversal WordPress PHP Swim Team
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
54.0%
Threat
4.2
CVE-2015-8396 CRITICAL POC THREAT Emergency

Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.7%.

RCE Buffer Overflow Grassroots Dicom
NVD Exploit-DB
CVSS 3.0
10.0
EPSS
18.7%
Threat
4.1
CVE-2015-8397 HIGH POC PATCH This Week

The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Grassroots Dicom
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2015-8098 CRITICAL Act Now

F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service RCE Citrix Buffer Overflow Big Ip Access Policy Manager
NVD
CVSS 3.0
9.8
EPSS
10.9%
CVE-2015-8088 HIGH POC This Week

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Huawei P8 Firmware +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.8%
CVE-2015-8611 CRITICAL Act Now

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Domain Name System Big Ip Application Acceleration Manager Big Ip Link Controller Big Ip Policy Enforcement Manager +5
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2015-8659 CRITICAL PATCH Act Now

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mac Os X Nghttp2 Iphone Os Tvos +1
NVD
CVSS 3.0
10.0
EPSS
2.2%
CVE-2015-7242 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fritz Os
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-4671 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Opencart
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-1779 HIGH PATCH This Week

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qemu Ubuntu Linux Debian Linux Fedora +7
NVD
CVSS 3.1
8.6
EPSS
5.6%
CVE-2015-4703 MEDIUM POC This Month

Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Rename
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2015-8603 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Serendipity
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8306 HIGH This Week

Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Huawei P8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1232 HIGH PATCH This Week

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Prosody Fedora Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-8400 HIGH PATCH This Week

The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fedora Shellinabox
NVD GitHub
CVSS 3.0
7.4
EPSS
0.6%
CVE-2015-8769 HIGH This Week

SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.0
7.3
EPSS
0.6%
CVE-2015-7393 HIGH This Week

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Big Iq Application Delivery Controller Big Ip Application Security Manager Big Iq Security Big Ip Wan Optimization Manager +16
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2015-8673 MEDIUM This Month

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Te30 Te40 Te50 +2
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-1715 MEDIUM PATCH This Month

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit. Rated medium severity (CVSS 6.6).

Denial Of Service Buffer Overflow Microsoft Windows Application Control
NVD
CVSS 3.0
6.6
EPSS
0.4%
CVE-2016-1231 MEDIUM PATCH This Month

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Fedora Prosody Debian Linux
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2015-8337 MEDIUM This Month

The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 7 Firmware P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8672 MEDIUM This Month

The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Te60 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-7759 LOW Monitor

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Analytics Big Ip Application Acceleration Manager Big Ip Link Controller Big Ip Advanced Firewall Manager +4
NVD
CVSS 3.0
3.7
EPSS
0.8%
CVE-2015-7548 LOW Monitor

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Nova
NVD
CVSS 3.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy