Skip to main content
CVE-2015-4667 CRITICAL POC THREAT Emergency

Multiple hardcoded credentials in Xsuite 2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Authentication Bypass Xsuite
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.0%
Threat
4.2
CVE-2017-14125 CRITICAL POC Act Now

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Responsive Image Gallery Gallery Album
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-7510 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Systemd
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-14734 HIGH POC This Week

The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2015-7293 HIGH POC PATCH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Plone Zope Management Interface
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14683 HIGH POC PATCH This Week

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Geminabox
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2015-4669 HIGH POC This Week

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xsuite
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-4668 MEDIUM POC This Month

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Xsuite
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.2%
CVE-2017-14731 MEDIUM POC This Month

ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libofx
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12905 CRITICAL Act Now

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP RCE Pixie Image Editor
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2012-6696 CRITICAL PATCH Act Now

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Debian Information Disclosure Inspircd
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2015-8375 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Php Fusion
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14506 MEDIUM POC PATCH This Month

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Geminabox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2015-7544 CRITICAL Act Now

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2015-5237 HIGH PATCH GHSA This Week

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Protobuf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2015-5182 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Amq
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2015-5263 HIGH PATCH This Week

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pulp
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-14729 HIGH PATCH This Week

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2015-5704 HIGH PATCH This Week

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Devscripts Fedora
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14730 HIGH This Week

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-1362 HIGH PATCH This Week

IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-7318 HIGH PATCH This Week

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Plone
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-5183 HIGH This Week

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Amq Jboss A Mq Jboss Enterprise Web Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2015-5184 HIGH This Week

Console: CORS headers set to allow all in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Amq Jboss Enterprise Web Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2016-5868 HIGH PATCH This Week

drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm RCE Google Privilege Escalation Android
NVD
CVSS 3.0
7.0
EPSS
0.9%
CVE-2015-7317 MEDIUM This Month

Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Kupu Plone
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2015-6592 MEDIUM This Month

Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Uap2105 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-14733 MEDIUM This Month

ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-1235 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-5327 MEDIUM PATCH This Month

Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Kernel
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-6748 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Jsoup Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2015-5169 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Struts
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2017-14735 MEDIUM PATCH This Month

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-7316 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Plone
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-5282 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Foreman
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-9551 MEDIUM This Month

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mahara
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1551 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-5666 MEDIUM This Month

ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure All Nippon Airways
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2015-7315 MEDIUM PATCH This Month

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Plone
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
CVE-2015-7785 MEDIUM This Month

GANMA!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ganma
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-8251 MEDIUM This Month

OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openstage 60 Firmware Openscape Desk Phone Ip 55G Sip Firmware Openstage 15 Firmware Openstage 20E Firmware +6
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-1424 MEDIUM This Month

IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-5181 MEDIUM This Month

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jboss A Mq
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-7846 MEDIUM This Month

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure S9300 Firmware S9700 Firmware S7700 Firmware +4
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-1555 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1346 LOW PATCH Monitor

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Business Process Manager
NVD
CVSS 3.0
2.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy