Skip to main content
CVE-2016-5330 HIGH POC THREAT Act Now

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%.

Information Disclosure VMware Workstation Player Workstation Pro ESXi +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
25.5%
CVE-2015-6396 HIGH POC This Week

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cisco Rv110W Wireless N Vpn Firewall Firmware Rv130W Wireless N Multifunction Vpn Router Firmware Rv215W Wireless N Vpn Router Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.4%
CVE-2016-5792 CRITICAL Act Now

SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Softcms
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-1468 HIGH This Week

The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Telepresence Video Communication Server
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-2875 HIGH PATCH This Week

IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2015-6397 HIGH This Week

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Rv110W Wireless N Vpn Firewall Firmware Rv130W Wireless N Multifunction Vpn Router Firmware Rv215W Wireless N Vpn Router Firmware
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-1430 HIGH This Week

Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Rv180 Vpn Router Firmware Rv180W Vpn Router Firmware
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-6486 HIGH This Week

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Sinema Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1478 HIGH This Week

Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-4374 HIGH PATCH This Week

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service SSRF Release Control
NVD
CVSS 3.0
7.7
EPSS
0.2%
CVE-2016-1466 HIGH This Week

Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Manager Im And Presence Service
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-1429 HIGH This Week

Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Rv180 Vpn Router Firmware Rv180W Wireless N Multifunction Vpn Router Firmware
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5878 MEDIUM PATCH This Month

Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Open Redirect Filenet Workplace
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-2989 MEDIUM PATCH This Month

Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Authentication Bypass Connections Portlets
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-0361 MEDIUM PATCH This Month

IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and 4.1.1 before 4.1.1.4 efix 9, when the Spectrum Scale GUI is used with DB2 on Linux, UNIX and Windows, allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Microsoft General Parallel File System
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3059 MEDIUM PATCH This Month

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Tivoli Storage Flashcopy Manager For Sql Server Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-5331 MEDIUM PATCH This Month

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Code Injection Vcenter Server ESXi
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2914 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE File Upload Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.0
5.4
EPSS
3.3%
CVE-2016-2912 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization Publishing
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3054 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Filenet Workplace
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0280 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Information Server Framework Infosphere Information Governance Catalog Infosphere Information Server Business Glossary
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2925 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-0281 LOW Monitor

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Denial Of Service Aix Vios
NVD
CVSS 3.0
3.7
EPSS
3.6%
CVE-2016-1474 MEDIUM This Month

Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Infrastructure
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-0266 LOW Monitor

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.0
3.7
EPSS
0.7%
CVE-2016-2960 LOW PATCH Monitor

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Denial Of Service Authentication Bypass Websphere Application Server
NVD
CVSS 3.0
3.7
EPSS
0.7%
CVE-2016-0380 LOW PATCH Monitor

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Privilege Escalation Sterling Connect
NVD
CVSS 3.1
3.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy