Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0846 | 1 Django-markupfield Project | 1 Django-markupfield | 2015-04-27 | 5.0 MEDIUM | N/A |
| django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors. | |||||
| CVE-2012-5451 | 1 Tvmobili | 1 Tvmobili | 2015-04-27 | 5.0 MEDIUM | N/A |
| Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888. | |||||
| CVE-2012-2930 | 1 Tinywebgallery | 1 Tinywebgallery | 2015-04-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php. | |||||
| CVE-2011-4403 | 1 Zen-cart | 1 Zen Cart | 2015-04-27 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php. | |||||
| CVE-2015-0911 | 1 Dounokouno | 1 Transmitmail | 2015-04-24 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | |||||
| CVE-2015-0910 | 1 Dounokouno | 1 Transmitmail | 2015-04-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename. | |||||
| CVE-2015-0706 | 1 Cisco | 1 Firesight System Software | 2015-04-23 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. | |||||
| CVE-2015-0707 | 1 Cisco | 1 Firesight System Software | 2015-04-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425. | |||||
| CVE-2015-3379 | 1 Views Project | 1 Views | 2015-04-23 | 4.0 MEDIUM | N/A |
| The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-3342 | 1 Ubercart Currency Conversion Project | 1 Ubercart Currency Conversion | 2015-04-23 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter. | |||||
| CVE-2015-1602 | 1 Siemens | 1 Simatic Step 7 | 2015-04-23 | 2.1 LOW | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | |||||
| CVE-2013-4866 | 1 Lixil | 1 My Satis Genius Toilet | 2015-04-23 | 3.3 LOW | N/A |
| The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort. | |||||
| CVE-2014-2237 | 1 Openstack | 1 Keystone | 2015-04-23 | 5.0 MEDIUM | N/A |
| The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. | |||||
| CVE-2014-7839 | 1 Redhat | 1 Resteasy | 2015-04-23 | 6.4 MEDIUM | N/A |
| DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | |||||
| CVE-2015-3357 | 1 Wishlist Project | 1 Wishlist | 2015-04-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. | |||||
| CVE-2015-0969 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 5.0 MEDIUM | N/A |
| SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | |||||
| CVE-2015-0968 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. | |||||
| CVE-2015-0967 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. | |||||
| CVE-2015-0495 | 1 Oracle | 1 Commerce Guided Search And Experience Manager | 2015-04-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Workbench. | |||||
| CVE-2014-9258 | 1 Glpi-project | 1 Glpi | 2015-04-18 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | |||||
| CVE-2014-9428 | 1 Linux | 1 Linux Kernel | 2015-04-18 | 7.8 HIGH | N/A |
| The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. | |||||
| CVE-2014-9447 | 1 Elfutils Project | 1 Elfutils | 2015-04-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. | |||||
| CVE-2015-0440 | 1 Oracle | 1 Right Now Service Cloud | 2015-04-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console. | |||||
| CVE-2015-1314 | 1 Usaa | 1 Mobile Banking | 2015-04-17 | 2.1 LOW | N/A |
| The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. | |||||
| CVE-2015-0476 | 1 Oracle | 1 Sql Trace Analyzer | 2015-04-17 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2015-0510 | 1 Oracle | 1 Commerce Platform | 2015-04-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface. | |||||
| CVE-2015-0907 | 1 Lhaplus | 1 Lhaplus | 2015-04-15 | 6.8 MEDIUM | N/A |
| Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. | |||||
| CVE-2015-0906 | 1 Lhaplus | 1 Lhaplus | 2015-04-15 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | |||||
| CVE-2015-0932 | 1 Antlabs | 7 Inngate Ig 3.00 E, Inngate Ig 3.01 E, Inngate Ig 3.02 E and 4 more | 2015-04-15 | 10.0 HIGH | N/A |
| The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | |||||
| CVE-2014-8360 | 1 Glpi-project | 1 Glpi | 2015-04-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php. | |||||
| CVE-2014-5032 | 1 Glpi-project | 1 Glpi | 2015-04-15 | 5.0 MEDIUM | N/A |
| GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | |||||
| CVE-2014-9311 | 1 Shareaholic | 1 Shareaholic | 2015-04-15 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9146 | 1 Fiyo | 1 Fiyo Cms | 2015-04-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. | |||||
| CVE-2014-9145 | 1 Fiyo | 1 Fiyo Cms | 2015-04-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php. | |||||
| CVE-2014-9706 | 2 Debian, Dulwich Project | 2 Debian Linux, Dulwich | 2015-04-15 | 7.5 HIGH | N/A |
| The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. | |||||
| CVE-2015-2247 | 1 Boosted | 1 Boosted Boards | 2015-04-13 | 8.3 HIGH | N/A |
| Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal. | |||||
| CVE-2013-6144 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6145 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6146 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6147 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6148 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6149 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6150 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6151 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6152 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6153 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6154 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6155 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6156 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6157 | 2015-04-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||