Skip to main content

Milkystep Professional Oem

7 CVEs product

Monthly

CVE-2015-2958 MEDIUM This Month

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2015-2953 MEDIUM This Month

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-2952 MEDIUM This Month

The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-2957 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-2956 HIGH This Week

SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-2955 HIGH This Week

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-2954 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Milkystep Light Milkystep Professional Milkystep Professional Oem
NVD
CVSS 2.0
6.8
EPSS
0.1%
EPSS 1% CVSS 6.4
MEDIUM This Month

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Milkystep Light Milkystep Professional +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Milkystep Light Milkystep Professional +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Milkystep Light Milkystep Professional +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Milkystep Light Milkystep Professional +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Milkystep Light Milkystep Professional +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Milkystep Light Milkystep Professional +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Milkystep Light Milkystep Professional +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy