Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4678 | 1 Persian Car Cms Project | 1 Persian Car Cms | 2016-12-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | |||||
| CVE-2015-4679 | 1 Airties | 2 Rt-210, Rt-210 Firmware | 2016-12-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. | |||||
| CVE-2015-4713 | 1 Apphp | 1 Hotel Site | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||||
| CVE-2015-4714 | 1 Dream-multimedia-tv | 2 Dreambox Dm500-s, Dreambox Dm500-s Firmware | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body. | |||||
| CVE-2015-4716 | 2 Microsoft, Owncloud | 2 Windows, Owncloud | 2016-12-07 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-4186 | 1 Cisco | 1 Virtualization Experience Client 6000 Series Firmware | 2016-12-07 | 7.2 HIGH | N/A |
| The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412. | |||||
| CVE-2015-4188 | 1 Cisco | 1 Prime Collaboration | 2016-12-07 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. | |||||
| CVE-2015-4189 | 1 Cisco | 1 Data Center Analytics Framework | 2016-12-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. | |||||
| CVE-2015-4190 | 1 Cisco | 1 Prime Service Catalog | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. | |||||
| CVE-2015-4206 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | |||||
| CVE-2015-4414 | 1 Se Html5 Album Audio Player Project | 1 Se Html5 Album Audio Player | 2016-12-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2015-4453 | 1 Open-emr | 1 Openemr | 2016-12-07 | 5.0 MEDIUM | N/A |
| interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php. | |||||
| CVE-2015-4460 | 1 Boxautomation | 1 C2box | 2016-12-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors. | |||||
| CVE-2015-2937 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 7.1 HIGH | N/A |
| MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942. | |||||
| CVE-2015-2938 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file. | |||||
| CVE-2015-2939 | 1 Mediawiki | 1 Scribunto | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace. | |||||
| CVE-2015-2940 | 1 Mediawiki | 1 Checkuser | 2016-12-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. | |||||
| CVE-2015-2941 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value. | |||||
| CVE-2015-2942 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 7.1 HIGH | N/A |
| MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937. | |||||
| CVE-2015-3868 | 1 Google | 1 Android | 2016-12-07 | 10.0 HIGH | N/A |
| libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | |||||
| CVE-2015-4112 | 1 Blackberry | 1 Enterprise Server | 2016-12-07 | 4.3 MEDIUM | N/A |
| The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue. | |||||
| CVE-2015-4155 | 1 Gnu | 1 Parallel | 2016-12-07 | 3.6 LOW | N/A |
| GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2015-4174 | 1 Siemens | 1 Climatix Bacnet\/ip | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4183 | 1 Cisco | 1 Unified Computing System | 2016-12-07 | 7.2 HIGH | N/A |
| Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | |||||
| CVE-2015-2706 | 1 Mozilla | 1 Firefox | 2016-12-07 | 6.8 MEDIUM | N/A |
| Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. | |||||
| CVE-2015-2864 | 1 Retrospect | 2 Retrospect, Retrospect Client | 2016-12-07 | 5.0 MEDIUM | N/A |
| Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision. | |||||
| CVE-2015-2902 | 1 Hp | 1 Arcsight Smartconnectors | 2016-12-07 | 6.8 MEDIUM | N/A |
| HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2903 | 1 Hp | 1 Arcsight Smartconnectors | 2016-12-07 | 6.9 MEDIUM | N/A |
| The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password. | |||||
| CVE-2015-2924 | 1 Networkmanager Project | 1 Networkmanager | 2016-12-07 | 3.3 LOW | N/A |
| The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. | |||||
| CVE-2015-2931 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI. | |||||
| CVE-2015-2932 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element. | |||||
| CVE-2015-2933 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant. | |||||
| CVE-2015-2934 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. | |||||
| CVE-2015-2935 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT." | |||||
| CVE-2015-2936 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 7.1 HIGH | N/A |
| MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password. | |||||
| CVE-2015-1461 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2016-12-07 | 7.5 HIGH | N/A |
| ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." | |||||
| CVE-2015-1462 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2016-12-07 | 7.5 HIGH | N/A |
| ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." | |||||
| CVE-2015-1463 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2016-12-07 | 5.0 MEDIUM | N/A |
| ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | |||||
| CVE-2015-1969 | 1 Ibm | 1 Tivoli Common Reporting | 2016-12-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-2017 | 1 Ibm | 1 Websphere Application Server | 2016-12-07 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2012-2351 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2016-12-07 | 5.0 MEDIUM | N/A |
| The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | |||||
| CVE-2011-4016 | 1 Cisco | 1 Ios | 2016-12-07 | 5.4 MEDIUM | N/A |
| The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. | |||||
| CVE-2013-4316 | 2 Apache, Oracle | 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more | 2016-12-07 | 10.0 HIGH | N/A |
| Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | |||||
| CVE-2015-0798 | 3 Google, Mozilla, Oracle | 3 Android, Firefox, Solaris | 2016-12-07 | 5.0 MEDIUM | N/A |
| The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy. | |||||
| CVE-2014-6521 | 1 Sun | 1 Sunos | 2016-12-07 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. | |||||
| CVE-2015-0810 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. | |||||
| CVE-2015-0814 | 1 Mozilla | 1 Firefox | 2016-12-07 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-6510 | 1 Sun | 1 Sunos | 2016-12-07 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. | |||||
| CVE-2014-6518 | 1 Sun | 1 Sunos | 2016-12-07 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). | |||||
| CVE-2014-6570 | 1 Sun | 1 Sunos | 2016-12-07 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397. | |||||