Skip to main content
CVE-2017-15359 MEDIUM POC THREAT This Month

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Path Traversal 3Cx
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
10.4%
CVE-2015-1239 MEDIUM POC This Month

Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Openjpeg Pdfium Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2017-14956 MEDIUM POC This Month

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Unified Security Management
NVD Exploit-DB
CVSS 3.0
5.7
EPSS
0.9%
CVE-2014-8491 MEDIUM POC This Month

The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Grand Flagallery
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2014-7813 MEDIUM This Month

Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Cloudforms 3 0 Management Engine
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-15583 MEDIUM This Month

The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Fox515T Firmware
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-15589 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-15593 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-15591 MEDIUM PATCH This Month

An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-7943 MEDIUM This Month

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Drupal Jquery Update Labjs
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-15571 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-15570 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-15569 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15568 MEDIUM PATCH This Month

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15574 MEDIUM PATCH This Month

In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-15573 MEDIUM PATCH This Month

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-10515 MEDIUM PATCH This Month

In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Redmine
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8024 MEDIUM PATCH This Month

EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Isilon Onefs
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-6961 MEDIUM PATCH This Month

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Web2Py
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15596 MEDIUM PATCH This Month

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Xen
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2014-7242 MEDIUM This Month

The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Sumaho Sumaho Driving Capability Diagnosis
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2014-3706 MEDIUM This Month

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2014-3531 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Foreman
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-13083 MEDIUM This Month

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE
NVD GitHub VulDB
CVSS 3.0
5.3
EPSS
0.1%
CVE-2015-3400 MEDIUM PATCH This Month

sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zfs
NVD GitHub
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy