Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4188 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2015-09-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-4158 | 1 Senkas | 1 Kolibri | 2015-09-02 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||||
| CVE-2014-3976 | 1 A10networks | 1 Advanced Core Operating System | 2015-09-02 | 5.0 MEDIUM | N/A |
| Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-3892 | 1 Nexatechnologies | 1 Meridian | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3933 | 1 Newsignature | 1 Addressfield Tokens | 2015-09-02 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field. | |||||
| CVE-2013-7444 | 1 Mediawiki | 1 Mediawiki | 2015-09-02 | 5.0 MEDIUM | N/A |
| The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | |||||
| CVE-2012-5961 | 1 Libupnp Project | 1 Libupnp | 2015-09-02 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet. | |||||
| CVE-2015-6753 | 1 Quick Edit Project | 1 Quick Edit | 2015-09-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title. | |||||
| CVE-2015-6754 | 1 Path Breadcrumbs Project | 1 Path Breadcrumbs | 2015-09-01 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6752 | 1 Search Api Autocomplete Project | 1 Search Api Autocomplete | 2015-09-01 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. | |||||
| CVE-2015-6750 | 1 Ricoh | 1 Dl-1 Sr10 | 2015-09-01 | 7.5 HIGH | N/A |
| Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2014-3148 | 1 Ok Web Server Project | 1 Ok Web Server | 2015-09-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page. | |||||
| CVE-2015-2135 | 1 Hp | 1 Intelligent Provisioning | 2015-09-01 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2014-2332 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 5.5 MEDIUM | N/A |
| Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. | |||||
| CVE-2014-2331 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 8.5 HIGH | N/A |
| Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. | |||||
| CVE-2012-5965 | 1 Portable Sdk For Upnp Project | 1 Portable Sdk For Upnp | 2015-09-01 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet. | |||||
| CVE-2012-5964 | 1 Portable Sdk For Upnp Project | 1 Portable Sdk For Upnp | 2015-09-01 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet. | |||||
| CVE-2012-5963 | 1 Portable Sdk For Upnp Project | 1 Portable Sdk For Upnp | 2015-09-01 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet. | |||||
| CVE-2012-5962 | 1 Portable Sdk For Upnp Project | 1 Portable Sdk For Upnp | 2015-09-01 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet. | |||||
| CVE-2006-3823 | 1 Geodesicsolutions | 2 Geoauctions Premier, Geoclassifieds Basic | 2015-09-01 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. | |||||
| CVE-2014-2330 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors. | |||||
| CVE-2014-2329 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors. | |||||
| CVE-2015-6745 | 1 Basware | 1 Banking | 2015-08-31 | 4.6 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744. | |||||
| CVE-2015-6746 | 1 Basware | 1 Banking | 2015-08-31 | 2.1 LOW | N/A |
| Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. | |||||
| CVE-2015-6747 | 1 Basware | 1 Banking | 2015-08-31 | 5.0 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6746. | |||||
| CVE-2015-6743 | 1 Basware | 1 Banking | 2015-08-31 | 6.5 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
| CVE-2015-6744 | 1 Basware | 1 Banking | 2015-08-31 | 4.3 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. | |||||
| CVE-2015-6742 | 1 Basware | 1 Banking | 2015-08-31 | 6.5 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
| CVE-2015-3966 | 1 Innominate | 1 Mguard Firmware | 2015-08-31 | 4.0 MEDIUM | N/A |
| The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression. | |||||
| CVE-2015-2987 | 1 Type74 | 1 Ed | 2015-08-31 | 2.6 LOW | N/A |
| Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits. | |||||
| CVE-2014-3913 | 1 Ericom | 1 Accessnow Server | 2015-08-31 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file. | |||||
| CVE-2014-3878 | 1 Ipswitch | 1 Imail Server | 2015-08-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. | |||||
| CVE-2015-1171 | 1 Gsm | 1 Sim Card Editor | 2015-08-31 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file. | |||||
| CVE-2015-0943 | 1 Basware | 1 Banking | 2015-08-31 | 5.8 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | |||||
| CVE-2015-0942 | 2015-08-31 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, CVE-2015-6747. Reason: This candidate originally combined multiple issues that have different vulnerability types and other complex abstraction issues. Notes: All CVE users should reference CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, and CVE-2015-6747 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-4865 | 1 Cacheguard | 1 Cacheguardos | 2015-08-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-4596 | 1 Snapapp Project | 1 Snapapp | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter. | |||||
| CVE-2014-4710 | 1 Aas9 | 1 Zerocms | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. | |||||
| CVE-2014-4570 | 1 Videowhisper | 1 Video Presentation | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/. | |||||
| CVE-2014-4571 | 1 Vn-calendar Project | 1 Vn-calendar | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter. | |||||
| CVE-2014-4587 | 1 Wp Guestmap Project | 1 Wp Guestmap Project | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php. | |||||
| CVE-2014-4594 | 1 Wordpress Responsive Preview Project | 1 Wordpress Responsive Preview | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4545 | 1 Pro Quoter Plugin Project | 1 Pro Quoter | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter. | |||||
| CVE-2014-4549 | 1 Woocommerce Sagepay Direct Payment Gateway Project | 1 Woocommerce Sagepay Direct Payment Gateway | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. | |||||
| CVE-2014-4554 | 1 Ss Downloads Project | 1 Ss Downloads | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2014-4569 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. | |||||
| CVE-2014-4543 | 1 Pay Per Media Player Project | 1 Pay Per Media Player | 2015-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter. | |||||
| CVE-2014-4520 | 1 Dmca | 1 Dmca Watermarker | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter. | |||||
| CVE-2014-4502 | 2 Bfgminer, Sgminer Project | 2 Bfgminer, Sgminer | 2015-08-28 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request. | |||||
| CVE-2014-4515 | 1 Anyfont Plugin Project | 1 Anyfont | 2015-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||||