Latest CVE Feed
-
5.0
MEDIUMCVE-2015-4616
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.... Read more
Affected Products : easy2map- EPSS Score: %11.83
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-4614
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.... Read more
Affected Products : easy2map- EPSS Score: %5.56
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2015-5459
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated b... Read more
Affected Products : manageengine_password_manager_pro- EPSS Score: %0.84
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-5458
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.... Read more
Affected Products : pivotx- EPSS Score: %1.08
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-5457
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.... Read more
Affected Products : pivotx- EPSS Score: %2.51
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-5456
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.... Read more
Affected Products : pivotx- EPSS Score: %0.42
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-5455
Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.... Read more
Affected Products : x-cart- EPSS Score: %0.22
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-5454
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.... Read more
Affected Products : nucleus_cms- EPSS Score: %0.51
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2015-5453
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.... Read more
Affected Products : xcs- EPSS Score: %72.45
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-5452
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.... Read more
Affected Products : xcs- EPSS Score: %17.26
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-1796
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity ... Read more
- EPSS Score: %0.17
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2014-9741
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
- EPSS Score: %0.34
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
6.0
MEDIUMCVE-2014-8175
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.... Read more
Affected Products : jboss_fuse- EPSS Score: %0.19
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to ... Read more
- Actively Exploited
- EPSS Score: %93.23
- Published: Jul. 08, 2015
- Modified: Apr. 21, 2025
-
7.8
HIGHCVE-2015-4620
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) b... Read more
Affected Products : bind- EPSS Score: %13.88
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2015-4243
The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCt... Read more
- EPSS Score: %0.26
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-4242
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721.... Read more
Affected Products : firesight_system_software- EPSS Score: %0.11
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2015-4241
Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679.... Read more
- EPSS Score: %0.34
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-4240
Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656.... Read more
Affected Products : ip_communicator- EPSS Score: %0.46
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-2866
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.... Read more
- EPSS Score: %1.63
- Published: Jul. 08, 2015
- Modified: Apr. 12, 2025