Skip to main content
CVE-2016-1464 HIGH POC This Week

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco RCE Webex Wrf Player T29
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.5%
CVE-2016-1415 MEDIUM POC This Month

Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Denial Of Service Webex Wrf Player T29
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
4.1%
CVE-2015-5721 CRITICAL PATCH Act Now

Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Malware Information Sharing Platform
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.9%
CVE-2015-5719 CRITICAL PATCH Act Now

app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Malware Information Sharing Platform
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-6377 HIGH This Week

Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Authentication Bypass Media Origination System Suite
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2015-5720 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Malware Information Sharing Platform
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5430 MEDIUM PATCH This Month

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Jose Php
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2016-5429 LOW PATCH Monitor

jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Jose Php
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy