Skip to main content
CVE-2015-4668 MEDIUM POC This Month

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Xsuite
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.2%
CVE-2017-14731 MEDIUM POC This Month

ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libofx
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-8375 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Php Fusion
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-14506 MEDIUM POC PATCH This Month

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Geminabox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2015-7317 MEDIUM This Month

Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Kupu Plone
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2015-6592 MEDIUM This Month

Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Uap2105 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2017-14733 MEDIUM This Month

ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-1235 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-5327 MEDIUM PATCH This Month

Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Kernel
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-6748 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Jsoup Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2015-5169 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Struts
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2017-14735 MEDIUM PATCH This Month

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-7316 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Plone
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2015-5282 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Foreman
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-9551 MEDIUM This Month

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mahara
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-1551 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-5666 MEDIUM This Month

ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure All Nippon Airways
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2015-7315 MEDIUM PATCH This Month

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Plone
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
CVE-2015-7785 MEDIUM This Month

GANMA!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Ganma
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-8251 MEDIUM This Month

OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openstage 60 Firmware Openscape Desk Phone Ip 55G Sip Firmware Openstage 15 Firmware Openstage 20E Firmware +6
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2017-1424 MEDIUM This Month

IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-5181 MEDIUM This Month

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jboss A Mq
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-7846 MEDIUM This Month

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure S9300 Firmware S9700 Firmware S7700 Firmware +4
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-1555 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy