Skip to main content
CVE-2016-0050 MEDIUM This Month

Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.2% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012
NVD
CVSS 3.0
5.3
EPSS
53.2%
CVE-2016-0049 MEDIUM POC This Month

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +3
NVD Exploit-DB
CVSS 3.0
6.2
EPSS
3.6%
CVE-2015-7675 MEDIUM POC This Month

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moveit Dmz Moveit Mobile
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2015-7679 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moveit Mobile
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2015-7680 MEDIUM POC This Month

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moveit Dmz
NVD
CVSS 3.0
5.3
EPSS
0.0%
CVE-2016-0080 MEDIUM This Month

Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.2% and no vendor patch available.

Information Disclosure Microsoft Edge
NVD
CVSS 3.0
4.3
EPSS
15.2%
CVE-2016-0059 MEDIUM This Month

The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
14.0%
CVE-2016-0039 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Sharepoint Foundation
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2016-0077 MEDIUM This Month

Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Edge Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
9.4%
CVE-2016-0955 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-0950 MEDIUM This Month

Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Connect
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2015-7677 MEDIUM This Month

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moveit Dmz
NVD
CVSS 3.0
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy