Skip to main content
CVE-2015-8283 MEDIUM POC THREAT This Month

Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Path Traversal PHP Spectrum Sdc
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
14.4%
CVE-2016-1915 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Blackberry Enterprise Service
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
7.2%
CVE-2017-7725 MEDIUM POC This Month

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Canonical Concrete Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.6%
CVE-2016-4031 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware Galaxy S4 Mini Firmware +2
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-4030 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware Galaxy S4 Mini Firmware +2
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2015-8272 MEDIUM POC This Month

RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Rtmpdump
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2015-8780 MEDIUM POC This Month

Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Samsung Kies
NVD GitHub
CVSS 3.0
6.4
EPSS
0.1%
CVE-2014-2710 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Oliver
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-8724 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2016-2036 MEDIUM POC This Month

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Google Samsung Galaxy S6 Firmware +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8725 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2016-8722 MEDIUM POC This Month

An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awk 3131A Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2016-4032 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware +3
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-8720 MEDIUM POC This Month

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Awk 3131A Firmware
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2015-8345 MEDIUM PATCH This Month

The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2015-8864 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-4068 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-2104 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Satellite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-7626 MEDIUM PATCH This Month

The "Smart related articles" extension 1.1 for Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Smart Related Articles
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-7565 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ember Js
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7854 MEDIUM PATCH This Month

The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-7740 MEDIUM This Month

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware P8 Ale Ul00 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-8223 MEDIUM This Month

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei P7 Firmware P8 Ale Ul00 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2014-3887 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Rockdisk Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3106 MEDIUM PATCH This Month

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Information Disclosure Pulp
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-7627 MEDIUM PATCH This Month

The "Smart related articles" extension 1.1 for Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Smart Related Articles
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-1839 MEDIUM PATCH This Month

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Information Disclosure Salt Fedora
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2015-1838 MEDIUM PATCH This Month

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Information Disclosure Salt Fedora
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy