Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1956 | 1 Ibm | 1 Websphere Mq Light | 2015-08-04 | 7.8 HIGH | N/A |
| IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987. | |||||
| CVE-2015-1958 | 1 Ibm | 1 Websphere Mq Light | 2015-08-04 | 7.8 HIGH | N/A |
| IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987. | |||||
| CVE-2015-1970 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2015-08-04 | 2.1 LOW | N/A |
| The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere. | |||||
| CVE-2011-5324 | 1 Gehealthcare | 1 Centricity Pacs-iw | 2015-08-04 | 10.0 HIGH | N/A |
| The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2015-1009 | 2 Indusoft, Wonderware | 2 Web Studio, Intouch | 2015-08-04 | 1.7 LOW | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2014-7234 | | | 2015-08-04 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7233. Reason: This issue was MERGED into CVE-2014-7233 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-7233 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-5618 | 1 Chiyutw | 2 Bf-630, Bf-630w | 2015-08-03 | 7.5 HIGH | N/A |
| Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871. | |||||
| CVE-2015-2870 | 1 Chiyutw | 3 Bf-630, Bf-630w, Bf-660c | 2015-08-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. | |||||
| CVE-2015-2212 | | | 2015-08-03 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5623. Reason: This candidate is a reservation duplicate of CVE-2015-5623. Notes: All CVE users should reference CVE-2015-5623 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-3738 | 1 Zenoss | 1 Zenoss | 2015-08-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device. | |||||
| CVE-2014-3247 | 1 O-dyn | 1 Collabtive | 2015-08-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php. | |||||
| CVE-2014-3414 | 1 Sharetronix | 1 Sharetronix | 2015-08-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators. | |||||
| CVE-2014-3415 | 1 Sharetronix | 1 Sharetronix | 2015-08-01 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. | |||||
| CVE-2014-3115 | 1 Fortinet | 1 Fortiweb | 2015-08-01 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. | |||||
| CVE-2014-2947 | 1 Bizagi | 1 Business Process Management Suite | 2015-08-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter. | |||||
| CVE-2014-2975 | 1 Silver-peak | 1 Vx | 2015-08-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | |||||
| CVE-2014-0745 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2015-08-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. | |||||
| CVE-2014-0746 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2015-08-01 | 4.0 MEDIUM | N/A |
| The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536. | |||||
| CVE-2014-0747 | 1 Cisco | 1 Unified Communications Manager | 2015-08-01 | 6.8 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | |||||
| CVE-2014-2916 | 1 Phplist | 1 Phplist | 2015-08-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | |||||
| CVE-2014-0740 | 1 Cisco | 1 Unified Communications Manager | 2015-08-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | |||||
| CVE-2015-4246 | | | 2015-07-31 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. | |||||
| CVE-2014-1975 | 1 R-company | 1 Unzipper | 2015-07-30 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | |||||
| CVE-2014-2236 | 1 Askbot | 1 Askbot | 2015-07-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms. | |||||
| CVE-2014-2235 | 1 Askbot | 1 Askbot | 2015-07-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form. | |||||
| CVE-2014-2080 | 1 Modx | 1 Modx Revolution | 2015-07-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter. | |||||
| CVE-2013-5015 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2015-07-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-1971 | 1 Silexlabs | 1 Silex | 2015-07-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5013 | 1 Symantec | 1 Web Gateway | 2015-07-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors. | |||||
| CVE-2014-1968 | 1 Riken | 1 Xoonips | 2015-07-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2639 | 1 Ctera | 1 Cloud Storage Os | 2015-07-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder. | |||||
| CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2015-07-29 | 6.2 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | |||||
| CVE-2015-4288 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2015-07-29 | 4.3 MEDIUM | N/A |
| The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | |||||
| CVE-2015-4287 | 1 Cisco | 1 Firepower Extensible Operating System | 2015-07-29 | 5.0 MEDIUM | N/A |
| Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. | |||||
| CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2015-07-29 | 7.5 HIGH | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-2978 | 1 Webservice-dic | 1 Yoyaku | 2015-07-29 | 5.0 MEDIUM | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | |||||
| CVE-2015-2977 | 1 Webservice-dic | 1 Yoyaku | 2015-07-29 | 7.5 HIGH | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | |||||
| CVE-2015-2974 | 1 Lemon-s Php | 1 Gazou Bbs Plus | 2015-07-29 | 5.0 MEDIUM | N/A |
| LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file. | |||||
| CVE-2014-5322 | 1 Filemaker | 2 Filemaker Pro, Filemaker Pro Advanced | 2015-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640. | |||||
| CVE-2014-5330 | 1 Birdblog | 1 Birdblog | 2015-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5331 | 1 Aptana | 1 Aflax | 2015-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5319 | 1 S-link | 1 Slfilemanager | 2015-07-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. | |||||
| CVE-2014-2314 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2015-07-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | |||||
| CVE-2014-2102 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2015-07-29 | 4.0 MEDIUM | N/A |
| Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. | |||||
| CVE-2014-1843 | 1 Southrivertech | 1 Titan Ftp Server | 2015-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter. | |||||
| CVE-2014-1842 | 1 Southrivertech | 1 Titan Ftp Server | 2015-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. | |||||
| CVE-2014-0743 | 1 Cisco | 1 Unified Communications Manager | 2015-07-29 | 5.0 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | |||||
| CVE-2014-1841 | 1 Southrivertech | 1 Titan Ftp Server | 2015-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter. | |||||
| CVE-2014-0741 | 1 Cisco | 1 Unified Communications Manager | 2015-07-29 | 6.2 MEDIUM | N/A |
| The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. | |||||
| CVE-2013-1096 | 1 Novell | 1 Identity Manager Roles Based Provisioning Module | 2015-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId. | |||||
