Skip to main content
CVE-2015-5471 MEDIUM POC PATCH THREAT This Month

Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.0%.

Path Traversal WordPress PHP Swim Team
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
54.0%
Threat
4.2
CVE-2015-7242 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fritz Os
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-4671 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Opencart
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-4703 MEDIUM POC This Month

Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Rename
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2015-8603 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Serendipity
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8673 MEDIUM This Month

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Te30 Te40 Te50 +2
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-1715 MEDIUM PATCH This Month

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit. Rated medium severity (CVSS 6.6).

Denial Of Service Buffer Overflow Microsoft Windows Application Control
NVD
CVSS 3.0
6.6
EPSS
0.4%
CVE-2016-1231 MEDIUM PATCH This Month

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Fedora Prosody Debian Linux
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2015-8337 MEDIUM This Month

The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Mate 7 Firmware P8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8672 MEDIUM This Month

The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Te60 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy