Skip to main content
CVE-2015-8399 MEDIUM POC THREAT This Month

Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Atlassian Information Disclosure Confluence
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
93.0%
Threat
5.2
CVE-2016-0784 MEDIUM POC PATCH This Month

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Apache Openmeetings
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
6.1%
CVE-2016-0712 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Jetspeed
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2016-0711 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Jetspeed
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2015-0265 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Ranger
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2015-8398 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Confluence
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-2163 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Openmeetings
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2016-3676 MEDIUM This Month

Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Huawei E3276S Firmware
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2015-7528 MEDIUM PATCH This Month

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Kubernetes Information Disclosure Openshift
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2014-9759 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Mantisbt
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2015-7502 MEDIUM This Month

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Red Hat Information Disclosure PostgreSQL Cloudforms Management Engine Cloudforms
NVD
CVSS 3.0
5.1
EPSS
0.1%
CVE-2015-5233 MEDIUM PATCH This Month

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.

Privilege Escalation Foreman Satellite
NVD
CVSS 3.0
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy