Skip to main content
CVE-2016-6433 HIGH POC THREAT Act Now

The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.7%.

Cisco Information Disclosure Secure Firewall Management Center
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
69.7%
Threat
5.3
CVE-2015-1000012 HIGH POC THREAT Act Now

Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.6%.

WordPress Information Disclosure Mypixs
NVD
CVSS 3.0
7.5
EPSS
68.6%
Threat
5.1
CVE-2016-6435 MEDIUM POC THREAT This Month

The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.0%.

Cisco Information Disclosure Secure Firewall Management Center
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
55.0%
Threat
4.5
CVE-2016-1000112 CRITICAL POC THREAT Emergency

Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.7%.

Path Traversal WordPress File Upload Contus Video Comments
NVD
CVSS 3.1
9.1
EPSS
35.7%
Threat
4.4
CVE-2015-1000010 HIGH POC THREAT Act Now

Remote file download in simple-image-manipulator v1.0 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.0%.

WordPress Authentication Bypass Simple Image Manipulator
NVD
CVSS 3.0
7.5
EPSS
32.0%
Threat
4.0
CVE-2016-1000217 CRITICAL POC THREAT Emergency

Zotpress plugin for WordPress SQLi in zp_get_account(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

WordPress SQLi Zotpress
NVD
CVSS 3.0
9.8
EPSS
11.4%
CVE-2015-1000000 CRITICAL POC THREAT Emergency

Remote file upload vulnerability in mailcwp v1.99 wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

WordPress File Upload Mailcwp
NVD
CVSS 3.0
9.8
EPSS
11.3%
CVE-2015-1000005 HIGH POC THREAT Act Now

Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

Path Traversal WordPress Candidate Application Form
NVD
CVSS 3.0
7.5
EPSS
21.2%
CVE-2015-1000001 CRITICAL POC Act Now

Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Fast Image Adder
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2016-1000123 CRITICAL POC Act Now

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Video Gallery
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.4%
CVE-2016-1453 CRITICAL Act Now

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.1% and no vendor patch available.

Cisco Buffer Overflow RCE Nx Os
NVD
CVSS 3.1
9.8
EPSS
26.1%
CVE-2015-1000011 CRITICAL POC Act Now

Blind SQL Injection in wordpress plugin dukapress v2.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Dukapress
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2015-1000003 CRITICAL POC Act Now

Blind SQL Injection in filedownload v1.4 wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Filedownload
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2016-1000113 CRITICAL POC Act Now

XSS and SQLi in huge IT gallery v1.1.5 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Gallery
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2016-1000124 CRITICAL POC Act Now

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Portfolio Gallery
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-1000125 CRITICAL POC Act Now

Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Huge It Catalog
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.2%
CVE-2015-1000009 CRITICAL POC Act Now

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Google Authentication Bypass Google Adsense And Hotel Booking
NVD
CVSS 3.0
9.1
EPSS
5.7%
CVE-2015-1000007 HIGH POC This Week

Remote file download vulnerability in wptf-image-gallery v1.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wptf Image Gallery
NVD
CVSS 3.0
7.5
EPSS
8.9%
CVE-2015-1000013 HIGH POC This Week

Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Csv2Wpec Coupon
NVD
CVSS 3.0
7.8
EPSS
6.0%
CVE-2015-1000002 HIGH POC This Week

Open Proxy in filedownload v1.4 wordpress plugin. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Filedownload
NVD
CVSS 3.0
8.2
EPSS
3.1%
CVE-2016-6434 HIGH POC This Week

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Authentication Bypass Secure Firewall Management Center
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2015-1000004 MEDIUM POC This Month

XSS in filedownload v1.4 wordpress plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Filedownload
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2016-1000114 MEDIUM POC This Month

XSS in huge IT gallery v1.1.5 for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gallery
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2015-1000006 HIGH Act Now

Remote file download vulnerability in recent-backups v0.7 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Path Traversal WordPress Recent Backups
NVD
CVSS 3.0
7.5
EPSS
10.6%
CVE-2016-6427 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1000000 HIGH This Week

Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Whatsup Gold
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-0721 HIGH This Week

Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Nx Os
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-6428 HIGH This Week

Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Cisco Ios Xr
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-6392 HIGH This Week

Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2015-6393 HIGH This Week

Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-6653 HIGH This Week

The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Cf Mysql
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-1000009 HIGH This Week

TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6023 HIGH This Week

Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Sterling Secure Proxy
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6422 HIGH This Week

Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-1454 MEDIUM This Month

Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2016-6424 MEDIUM This Month

The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2015-1000008 MEDIUM This Month

Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Mp3 Jplayer
NVD
CVSS 3.0
5.3
EPSS
5.7%
CVE-2016-6425 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6436 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Hostscan Engine
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6027 MEDIUM This Month

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Sterling Secure Proxy
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6025 MEDIUM This Month

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sterling Secure Proxy
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-6026 MEDIUM This Month

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Sterling Secure Proxy
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy