Skip to main content
CVE-2016-6435 MEDIUM POC THREAT This Month

The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.0%.

Cisco Information Disclosure Secure Firewall Management Center
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
55.0%
Threat
4.5
CVE-2015-1000004 MEDIUM POC This Month

XSS in filedownload v1.4 wordpress plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Filedownload
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2016-1000114 MEDIUM POC This Month

XSS in huge IT gallery v1.1.5 for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gallery
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2016-1454 MEDIUM This Month

Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2016-6424 MEDIUM This Month

The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2015-1000008 MEDIUM This Month

Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Mp3 Jplayer
NVD
CVSS 3.0
5.3
EPSS
5.7%
CVE-2016-6425 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Intelligence Center
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6436 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Hostscan Engine
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6027 MEDIUM This Month

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Sterling Secure Proxy
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6025 MEDIUM This Month

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sterling Secure Proxy
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-6026 MEDIUM This Month

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Sterling Secure Proxy
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy