Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2285 | 1 Ubuntu | 2 Upstart, Vivid | 2015-03-13 | 7.2 HIGH | N/A |
| The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. | |||||
| CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2015-03-12 | 7.5 HIGH | N/A |
| The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||||
| CVE-2015-1483 | 2 Linux, Symantec | 2 Linux Kernel, Netbackup Opscenter | 2015-03-12 | 7.5 HIGH | N/A |
| Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | |||||
| CVE-2015-2235 | 2015-03-12 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1067. Reason: This candidate is a duplicate of CVE-2015-1067. Notes: All CVE users should reference CVE-2015-1067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-7896 | 1 Hp | 4 Xp7 Global Link Manager Software, Xp P9000 Device Manager, Xp P9000 Replication Manager and 1 more | 2015-03-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4040 | 1 Powerpc-utils Project | 1 Powerpc-utils | 2015-03-12 | 5.0 MEDIUM | N/A |
| snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
| CVE-2015-2182 | 1 Ajsquare | 1 Zeuscart | 2015-03-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322. | |||||
| CVE-2015-0201 | 1 Pivotal Software | 1 Spring Framework | 2015-03-11 | 5.0 MEDIUM | N/A |
| The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | |||||
| CVE-2014-9566 | 1 Solarwinds | 8 Orion Ip Address Manager, Orion Netflow Traffic Analyzer, Orion Network Configuration Manager and 5 more | 2015-03-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint. | |||||
| CVE-2010-5322 | 1 Ajsquare | 1 Zeuscart | 2015-03-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php. | |||||
| CVE-2015-2184 | 1 Ajsquare | 1 Zeuscart | 2015-03-11 | 5.0 MEDIUM | N/A |
| ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. | |||||
| CVE-2015-2244 | 1 Webshophun | 1 Webshop Hun | 2015-03-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php. | |||||
| CVE-2015-2242 | 1 Webshophun | 1 Webshop Hun | 2015-03-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | |||||
| CVE-2015-2243 | 1 Webshophun | 1 Webshop Hun | 2015-03-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | |||||
| CVE-2014-2188 | 2015-03-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0607. Reason: This candidate is a duplicate of CVE-2015-0607. The wrong ID was used. Notes: All CVE users should reference CVE-2015-0607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-9689 | 1 Google | 1 Chrome | 2015-03-09 | 5.0 MEDIUM | N/A |
| content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231. | |||||
| CVE-2011-5319 | 1 Google | 1 Chrome | 2015-03-09 | 5.0 MEDIUM | N/A |
| content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231. | |||||
| CVE-2015-1599 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 2.1 LOW | N/A |
| The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | |||||
| CVE-2015-1596 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 5.8 MEDIUM | N/A |
| The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1598 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 2.1 LOW | N/A |
| The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. | |||||
| CVE-2015-1597 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 6.8 MEDIUM | N/A |
| The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. | |||||
| CVE-2014-9369 | 1 Siemens | 6 Spc4000, Spc4000 Firmware, Spc5000 and 3 more | 2015-03-09 | 7.8 HIGH | N/A |
| Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. | |||||
| CVE-2015-0895 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2015-03-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. | |||||
| CVE-2015-0894 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2015-03-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2015-03-07 | 10.0 HIGH | N/A |
| The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |||||
| CVE-2015-0607 | 1 Cisco | 1 Ios | 2015-03-06 | 4.3 MEDIUM | N/A |
| The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. | |||||
| CVE-2014-9688 | 1 Ninjaforms | 1 Ninja Forms | 2015-03-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | |||||
| CVE-2015-2215 | 1 Services Single Sign-on Server Helper Project | 1 Services Single Sign-on Server Helper | 2015-03-05 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | |||||
| CVE-2013-4709 | 1 Iij | 12 Seil\%2fb1 Firmware, Seil\%2fneu 2fe Plus Firmware, Seil\%2fturbo Firmware and 9 more | 2015-03-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware before 2.82, SEIL/X1 with firmware before 4.32, SEIL/X2 with firmware before 4.32, SEIL/B1 with firmware before 4.32, SEIL/Turbo with firmware before 2.16, and SEIL/neu 2FE Plus with firmware before 2.16 allows remote attackers to execute arbitrary code via a crafted L2TP message. | |||||
| CVE-2015-2199 | 1 Wonderplugin | 1 Audio Player | 2015-03-04 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | |||||
| CVE-2015-2197 | 1 Entity Api Project | 1 Entity Api | 2015-03-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. | |||||
| CVE-2015-2198 | 1 Beehive Forum | 1 Beehive Forum | 2015-03-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message. | |||||
| CVE-2015-2196 | 1 Web-dorado | 1 Spider Calendar | 2015-03-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2015-03-04 | 6.5 MEDIUM | N/A |
| Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||||
| CVE-2015-1031 | 1 Privoxy | 1 Privoxy | 2015-03-04 | 7.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-0933 | 1 Sharelatex | 1 Sharelatex | 2015-03-04 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. | |||||
| CVE-2015-0887 | 1 Iij | 8 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 5 more | 2015-03-04 | 7.1 HIGH | N/A |
| npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet. | |||||
| CVE-2015-0631 | 1 Cisco | 12 Ids 4210, Ids 4215, Ids 4220 and 9 more | 2015-03-04 | 7.1 HIGH | N/A |
| Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688. | |||||
| CVE-2015-0881 | 1 Squid-cache | 1 Squid | 2015-03-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | |||||
| CVE-2014-7816 | 2 Microsoft, Redhat | 2 Windows, Undertow | 2015-03-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | |||||
| CVE-2015-0890 | 1 Bestwebsoft | 1 Google Captcha | 2015-03-03 | 5.0 MEDIUM | N/A |
| The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | |||||
| CVE-2014-9283 | 1 Bestwebsoft | 1 Captcha | 2015-03-03 | 5.0 MEDIUM | N/A |
| The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | |||||
| CVE-2014-8921 | 1 Ibm | 1 Notes Traveler Companion | 2015-03-03 | 4.3 MEDIUM | N/A |
| The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. | |||||
| CVE-2015-2168 | 2015-03-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. | |||||
| CVE-2013-4476 | 1 Samba | 1 Samba | 2015-03-03 | 1.2 LOW | N/A |
| Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. | |||||
| CVE-2015-0888 | 1 Kent-web | 1 Clip Board | 2015-03-02 | 6.4 MEDIUM | N/A |
| KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. | |||||
| CVE-2015-0889 | 1 Kent-web | 1 Joyful Note | 2015-03-02 | 7.5 HIGH | N/A |
| KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. | |||||
| CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2015-03-02 | 10.0 HIGH | N/A |
| The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | |||||
| CVE-2015-2078 | 1 Komodia | 1 Redirector Sdk | 2015-02-28 | 5.0 MEDIUM | N/A |
| The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, a different vulnerability than CVE-2015-2077. | |||||
| CVE-2015-2087 | 1 Avatar Uploader Project | 1 Avatar Uploader | 2015-02-27 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors. | |||||