Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8038 | 1 Fortinet | 1 Fortimanager Firmware | 2015-11-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. | |||||
| CVE-2015-8037 | 1 Fortinet | 1 Fortimanager Firmware | 2015-11-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. | |||||
| CVE-2015-0598 | 1 Cisco | 2 Ios, Ios Xe | 2015-11-02 | 6.8 MEDIUM | N/A |
| The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | |||||
| CVE-2015-0594 | 1 Cisco | 2 Prime Lan Management Solution, Security Manager | 2015-11-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. | |||||
| CVE-2015-0632 | 1 Cisco | 2 Ios, Ios Xe | 2015-11-02 | 5.7 MEDIUM | N/A |
| Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. | |||||
| CVE-2015-0651 | 1 Cisco | 1 Application Networking Manager | 2015-11-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. | |||||
| CVE-2015-0655 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2015-11-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. | |||||
| CVE-2015-0656 | 1 Cisco | 3 Network Analysis Module 2304, Network Analysis Module 2320, Network Analysis Module Firmware | 2015-11-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | |||||
| CVE-2015-0657 | 1 Cisco | 1 Ios Xr | 2015-11-02 | 5.0 MEDIUM | N/A |
| Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | |||||
| CVE-2015-0659 | 1 Cisco | 1 Ios | 2015-11-02 | 5.0 MEDIUM | N/A |
| The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. | |||||
| CVE-2015-0661 | 1 Cisco | 1 Ios Xr | 2015-11-02 | 4.0 MEDIUM | N/A |
| The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | |||||
| CVE-2015-6032 | 1 Qolsys | 1 Iq Panel | 2015-11-02 | 9.3 HIGH | N/A |
| Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation. | |||||
| CVE-2015-6033 | 1 Qolsys | 1 Iq Panel | 2015-11-02 | 9.3 HIGH | N/A |
| Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update. | |||||
| CVE-2015-6343 | 1 Cisco | 1 Ios | 2015-11-02 | 5.0 MEDIUM | N/A |
| The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. | |||||
| CVE-2014-9033 | 1 Wordpress | 1 Wordpress | 2015-11-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords. | |||||
| CVE-2015-8028 | 1 Sap | 1 3d Visual Enterprise Viewer | 2015-11-02 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | |||||
| CVE-2014-5458 | 1 Php-sqrl Project | 1 Php-sqrl | 2015-11-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter. | |||||
| CVE-2014-5399 | 1 Invensys | 1 Wonderware Information Server | 2015-11-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8029 | 1 Sap | 1 3d Visual Enterprise Viewer | 2015-11-02 | 6.8 MEDIUM | N/A |
| SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. | |||||
| CVE-2014-5389 | 1 Content Audit Project | 1 Content Audit | 2015-11-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. | |||||
| CVE-2015-8030 | 1 Sap | 1 3d Visual Enterprise Viewer | 2015-11-02 | 6.8 MEDIUM | N/A |
| SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. | |||||
| CVE-2014-1253 | 1 Apple | 1 Boot Camp | 2015-11-02 | 4.7 MEDIUM | N/A |
| AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file. | |||||
| CVE-2015-5671 | 1 Techno Project Japan | 1 Enisys Gw | 2015-10-30 | 5.0 MEDIUM | N/A |
| Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | |||||
| CVE-2015-5669 | 1 Techno Project Japan | 1 Enisys Gw | 2015-10-30 | 6.5 MEDIUM | N/A |
| Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-5670 | 1 Techno Project Japan | 1 Enisys Gw | 2015-10-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5668 | 1 Techno Project Japan | 1 Enisys Gw | 2015-10-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3230 | 1 Fedoraproject | 1 389 Directory Server | 2015-10-30 | 7.5 HIGH | N/A |
| 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. | |||||
| CVE-2015-6006 | 1 Medicomp | 1 Medcin Engine | 2015-10-30 | 7.5 HIGH | N/A |
| The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190. | |||||
| CVE-2015-7859 | 1 Joomla | 1 Joomla! | 2015-10-30 | 5.0 MEDIUM | N/A |
| The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-7899 | 1 Joomla | 1 Joomla! | 2015-10-30 | 5.0 MEDIUM | N/A |
| The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-8967 | 1 Microsoft | 1 Internet Explorer | 2015-10-30 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting. | |||||
| CVE-2014-3397 | 1 Cisco | 1 Telepresence Mcu Software | 2015-10-30 | 7.8 HIGH | N/A |
| The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468. | |||||
| CVE-2015-5629 | 1 Ntt-bp | 1 Japan Connected-free Wi-fi | 2015-10-29 | 6.8 MEDIUM | N/A |
| The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2015-2898 | 1 Medicomp | 1 Medcin Engine | 2015-10-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx na_setgroupsequenceex function, (2) the FormatDate julptostr function, and (3) the UserFindingCodes addtocl function. | |||||
| CVE-2015-2899 | 1 Medicomp | 1 Medcin Engine | 2015-10-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet on port 8190. | |||||
| CVE-2015-2901 | 1 Medicomp | 1 Medcin Engine | 2015-10-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty function and (2) the GetProperty UdfCodeList function. | |||||
| CVE-2015-2900 | 1 Medicomp | 1 Medcin Engine | 2015-10-29 | 6.8 MEDIUM | N/A |
| The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190. | |||||
| CVE-2015-6034 | 1 Epson | 1 Network Utility | 2015-10-29 | 6.9 MEDIUM | N/A |
| EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2011-2223 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2015-10-29 | 5.0 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2011-2224 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2015-10-29 | 4.3 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2011-2221 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2015-10-29 | 5.0 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. | |||||
| CVE-2011-2222 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2015-10-29 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2015-7903 | 1 Infinite Automation Systems | 1 Mango Automation | 2015-10-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7904 | 1 Infinite Automation Systems | 1 Mango Automation | 2015-10-28 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. | |||||
| CVE-2015-6494 | 1 Infinite Automation Systems | 1 Mango Automation | 2015-10-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7900 | 1 Infinite Automation Systems | 1 Mango Automation | 2015-10-28 | 4.3 MEDIUM | N/A |
| Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. | |||||
| CVE-2015-6490 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2015-10-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-6491 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2015-10-28 | 4.0 MEDIUM | N/A |
| Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. | |||||
| CVE-2015-6492 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2015-10-28 | 7.8 HIGH | N/A |
| Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. | |||||
| CVE-2015-6493 | 1 Infinite Automation Systems | 1 Mango Automation | 2015-10-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
