Security Vulnerabilities, CVEs, Published In May 2015 CVSS score >= 9
CVE-2015-3306
Public exploit
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Max CVSS
10.0
EPSS Score
97.19%
Published
2015-05-18
Updated
2021-05-26
CVE-2015-3090
Public exploit
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.
Max CVSS
10.0
EPSS Score
97.38%
Published
2015-05-13
Updated
2017-01-03
CVE-2015-2845
Public exploit
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
Max CVSS
10.0
EPSS Score
7.92%
Published
2015-05-12
Updated
2018-10-09
CVE-2014-9727
Public exploit
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
Max CVSS
10.0
EPSS Score
95.70%
Published
2015-05-29
Updated
2018-08-13
CVE-2014-8361
Known exploited
Public exploit
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Max CVSS
10.0
EPSS Score
96.86%
Published
2015-05-01
Updated
2023-09-05
CISA KEV Added
2023-09-18
5 vulnerabilities found