Skip to main content
CVE-2015-8969 CRITICAL POC PATCH Act Now

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Fastclone
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2015-8968 HIGH POC PATCH This Week

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Fastclone
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2016-6448 CRITICAL Act Now

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Buffer Overflow RCE Meeting Server
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2016-6447 CRITICAL Act Now

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Buffer Overflow RCE Meeting App Meeting Server
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2016-6441 CRITICAL Act Now

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Buffer Overflow Ios Xe
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2016-7095 CRITICAL Act Now

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-6452 CRITICAL Act Now

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Home
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2016-7453 CRITICAL PATCH Act Now

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-7402 CRITICAL Act Now

SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SAP SQLi Adaptive Server Enterprise
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2016-9086 MEDIUM PATCH This Month

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.5%.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
13.5%
CVE-2016-6430 HIGH This Week

A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Ip Interoperability And Collaboration System
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6455 HIGH This Week

A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Asr 5000 Software
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-7452 HIGH PATCH This Week

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Path Traversal File Upload Exponent Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-9134 HIGH PATCH This Week

Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Information Disclosure Exponent Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-7160 HIGH This Week

A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Null Pointer Dereference Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-9135 HIGH PATCH This Week

Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Information Disclosure Exponent Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-9136 HIGH PATCH This Week

Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mujs
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2016-6453 HIGH This Week

A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Identity Services Engine
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2016-6454 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Hosted Collaboration Mediation Fulfillment
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6451 MEDIUM This Month

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Provisioning
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6429 MEDIUM This Month

A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Ip Interoperability And Collaboration System
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4025 MEDIUM This Month

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Business Security Free Antivirus Internet Security Premier +7
NVD
CVSS 3.0
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy