Skip to main content
CVE-2016-1291 CRITICAL Act Now

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Evolved Programmable Network Manager Prime Infrastructure Opensolaris
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-3968 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Cr100Ing Utm Firmware Cyberoam Cr35Ing Utm Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-1313 CRITICAL Act Now

Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Ucs Invicta C3124Sa Appliance
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-7921 CRITICAL Act Now

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Proface Gp Pro Ex Ex Ed Proface Gp Pro Ex Pfxexedls Proface Gp Pro Ex Pfxexedv Proface Gp Pro Ex Pfxexgrpls
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2016-2290 HIGH This Week

Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Proface Gp Pro Ex Ex Ed Proface Gp Pro Ex Pfxexedls +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2016-1174 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Casebook Plugin
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1172 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Casebook Plugin
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1170 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Casebook Plugin
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1290 HIGH This Week

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Evolved Programmable Network Manager Prime Infrastructure Opensolaris
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2015-6312 HIGH This Week

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Emc Powerscale Onefs Jr6150 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-0871 HIGH This Week

Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eg2 Web Control
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-6313 HIGH This Week

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Opensolaris Gs1900 10Hp Firmware Keymouse Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-2272 HIGH This Week

Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eg2 Web Control
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-2292 MEDIUM This Month

Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Proface Gp Pro Ex Ex Ed Proface Gp Pro Ex Pfxexedls +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2016-2291 MEDIUM This Month

Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow RCE Proface Gp Pro Ex Ex Ed +3
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-3118 MEDIUM This Month

CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Api Gateway
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2277 MEDIUM This Month

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. Rated medium severity (CVSS 6.3). No vendor patch available.

Rockwell RCE Authentication Bypass Integrated Architecture Builder
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2016-1173 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Casebook Plugin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1171 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Casebook Plugin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1169 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Casebook Plugin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3969 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Gateway
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1346 MEDIUM This Month

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Emc Powerscale Onefs Jr6150 Firmware X14J Firmware +2
NVD
CVSS 3.0
5.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy