Skip to main content
CVE-2015-4682 MEDIUM POC THREAT This Month

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Information Disclosure Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
12.3%
CVE-2015-4684 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Path Traversal Authentication Bypass Realpresence Resource Manager
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
11.4%
CVE-2014-9610 MEDIUM POC THREAT This Month

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

PHP Privilege Escalation Netsweeper
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
13.4%
CVE-2017-14142 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kaltura Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-1849 MEDIUM POC This Month

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Jboss Enterprise Application Platform
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-1864 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kallithea
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2017-14601 MEDIUM POC This Month

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure Pragyan Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-14600 MEDIUM POC This Month

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure Pragyan Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-14597 MEDIUM POC This Month

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Aurora Webmail
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-3420 MEDIUM This Month

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service OpenSSL Dovecot Fedora
NVD
CVSS 3.0
5.9
EPSS
7.6%
CVE-2015-3419 MEDIUM This Month

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vbulletin
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-3880 MEDIUM PATCH This Month

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Google Phpbb Chrome
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-3299 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Floating Social Bar
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3432 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pydio
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7837 MEDIUM This Month

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat Enterprise Linux Enterprise Linux Desktop +4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-6191 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy