Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2965 | 1 Oscommerce | 1 Oscommerce | 2016-12-03 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-3002 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2016-12-03 | 6.9 MEDIUM | N/A |
| Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device. | |||||
| CVE-2015-3003 | 1 Juniper | 1 Junos | 2016-12-03 | 7.2 HIGH | N/A |
| Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments. | |||||
| CVE-2015-3004 | 1 Juniper | 1 Junos | 2016-12-03 | 4.3 MEDIUM | N/A |
| J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | |||||
| CVE-2015-3005 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2016-12-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3010 | 1 Ceph | 1 Ceph-deploy | 2016-12-03 | 2.1 LOW | N/A |
| ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2015-3011 | 2 Debian, Owncloud | 2 Debian Linux, Owncloud | 2016-12-03 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. | |||||
| CVE-2015-3027 | 1 Apple | 1 Xcode | 2016-12-03 | 5.0 MEDIUM | N/A |
| Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. | |||||
| CVE-2015-2760 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2016-12-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2761 | 1 Websense | 1 Triton Ap Web | 2016-12-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2016-12-03 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | |||||
| CVE-2015-2763 | 1 Websense | 1 Triton Ap Email | 2016-12-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703. | |||||
| CVE-2015-2764 | 1 Websense | 1 Triton Ap Data | 2016-12-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. | |||||
| CVE-2015-2765 | 1 Websense | 1 Triton Ap Email | 2016-12-03 | 4.3 MEDIUM | N/A |
| The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2015-2766 | 1 Websense | 1 Triton Ap Email | 2016-12-03 | 5.0 MEDIUM | N/A |
| The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | |||||
| CVE-2015-2767 | 1 Websense | 1 Triton Ap Email | 2016-12-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled." | |||||
| CVE-2015-2768 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2016-12-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2771 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2016-12-03 | 5.0 MEDIUM | N/A |
| The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-2772 | 1 Websense | 1 V-series Appliances | 2016-12-03 | 7.5 HIGH | N/A |
| SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. | |||||
| CVE-2015-2773 | 1 Websense | 1 V-series Appliances | 2016-12-03 | 5.0 MEDIUM | N/A |
| SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-2776 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2016-12-03 | 4.3 MEDIUM | N/A |
| The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. | |||||
| CVE-2015-2778 | 1 Quassel-irc | 1 Quassel | 2016-12-03 | 5.0 MEDIUM | N/A |
| Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | |||||
| CVE-2015-2779 | 1 Quassel-irc | 1 Quassel | 2016-12-03 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted message. | |||||
| CVE-2015-2786 | 1 Mybb | 1 Mybb | 2016-12-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders." | |||||
| CVE-2015-2788 | 1 Debian | 2 Dbd-firebird, Debian Linux | 2016-12-03 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns. | |||||
| CVE-2015-2789 | 1 Foxitsoftware | 1 Foxit Reader | 2016-12-03 | 4.4 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | |||||
| CVE-2015-2790 | 1 Foxitsoftware | 3 Enterprise Reader, Foxit Reader, Phantompdf | 2016-12-03 | 4.3 MEDIUM | N/A |
| Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. | |||||
| CVE-2015-2797 | 1 Airties | 13 Air 5021, Air 5341, Air 5342 and 10 more | 2016-12-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login. | |||||
| CVE-2015-2810 | 1 Hancom | 4 Hanword Viewer 2007, Hanword Viewer 2010, Hwp 2014 and 1 more | 2016-12-03 | 7.5 HIGH | N/A |
| Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption. | |||||
| CVE-2015-2821 | 1 Typo3 | 1 Neos | 2016-12-03 | 6.5 MEDIUM | N/A |
| TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | |||||
| CVE-2015-2825 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2016-12-03 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter. | |||||
| CVE-2015-2831 | 1 Das Watchdog Project | 1 Das Watchdog | 2016-12-03 | 7.2 HIGH | N/A |
| Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable. | |||||
| CVE-2015-2841 | 1 Citrix | 1 Netscaler | 2016-12-03 | 5.0 MEDIUM | N/A |
| Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | |||||
| CVE-2015-2344 | 2 Linux, Vmware | 2 Linux Kernel, Vrealize Automation | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2346 | 1 Huawei | 1 Seq Analyst | 2016-12-03 | 4.0 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | |||||
| CVE-2015-2352 | 1 Mybb | 1 Mybb | 2016-12-03 | 7.5 HIGH | N/A |
| The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2015-2562 | 1 Web-dorado | 1 Ecommerce Wd | 2016-12-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. | |||||
| CVE-2015-2579 | 1 Oracle | 1 Health Sciences Applications | 2016-12-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer. | |||||
| CVE-2015-2667 | 1 Gns3 | 1 Gns3 | 2016-12-03 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. | |||||
| CVE-2015-2676 | 1 Asus | 2 Rt-g32, Rt-g32 Firmware | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | |||||
| CVE-2015-2678 | 1 Genixcms | 1 Genixcms | 2016-12-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. | |||||
| CVE-2015-2679 | 1 Genixcms | 1 Genixcms | 2016-12-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | |||||
| CVE-2015-2680 | 1 Metalgenix | 1 Genixcms | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. | |||||
| CVE-2015-2681 | 1 Asus | 2 Rt-g32, Rt-g32 Firmware | 2016-12-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. | |||||
| CVE-2015-2684 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2016-12-03 | 4.0 MEDIUM | N/A |
| Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | |||||
| CVE-2015-2701 | 1 Cs-cart | 1 Cs-cart | 2016-12-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. | |||||
| CVE-2015-2704 | 1 Realmd Project | 1 Realmd | 2016-12-03 | 5.0 MEDIUM | N/A |
| realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response. | |||||
| CVE-2015-2753 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2016-12-03 | 6.8 MEDIUM | N/A |
| FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. | |||||
| CVE-2015-2757 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2016-12-03 | 4.0 MEDIUM | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. | |||||
| CVE-2015-2758 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2016-12-03 | 6.5 MEDIUM | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | |||||
