Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5954 | 1 Owncloud | 1 Owncloud | 2015-10-22 | 4.0 MEDIUM | N/A |
| The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder. | |||||
| CVE-2015-6482 | 1 3s-software | 1 Codesys Runtime System | 2015-10-19 | 5.0 MEDIUM | N/A |
| Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | |||||
| CVE-2015-7765 | 1 Zohocorp | 1 Manageengine Opmanager | 2015-10-09 | 9.0 HIGH | N/A |
| ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password. | |||||
| CVE-2015-7684 | 1 Glpi-project | 1 Glpi | 2015-10-06 | 9.0 HIGH | N/A |
| Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/. | |||||
| CVE-2015-2030 | 1 Ibm | 1 Websphere Extreme Scale | 2015-10-05 | 5.0 MEDIUM | N/A |
| IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2015-2029 | 1 Ibm | 1 Websphere Extreme Scale | 2015-10-05 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. | |||||
| CVE-2015-2028 | 1 Ibm | 1 Websphere Extreme Scale | 2015-10-05 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2015-2858 | 1 Datalex | 1 Airline Booking Software | 2015-10-02 | 7.5 HIGH | N/A |
| Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfirmEditAddressAction.do. | |||||
| CVE-2015-7296 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2015-09-30 | 4.3 MEDIUM | N/A |
| Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. | |||||
| CVE-2015-2914 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2015-09-30 | 5.0 MEDIUM | N/A |
| Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. | |||||
| CVE-2015-3203 | 1 H5ai Project | 1 H5ai | 2015-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href parameter. | |||||
| CVE-2015-6463 | 2 Codewrights, Endress\+hauser | 2 Hart Comm Dtm, Hart Comm Dtm | 2015-09-29 | 5.8 MEDIUM | N/A |
| CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-6454 | 1 Everest | 1 Peakhmi | 2015-09-28 | 5.0 MEDIUM | N/A |
| Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service (incorrect pointer dereference and daemon crash) via a crafted packet. | |||||
| CVE-2015-6012 | 1 Refbase | 1 Refbase | 2015-09-28 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter. | |||||
| CVE-2015-6011 | 1 Refbase | 1 Refbase | 2015-09-28 | 5.0 MEDIUM | N/A |
| Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php. | |||||
| CVE-2015-1317 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2015-09-28 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | |||||
| CVE-2014-9403 | 1 Znc | 1 Znc | 2015-09-28 | 4.0 MEDIUM | N/A |
| The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error. | |||||
| CVE-2015-6456 | 1 Ge | 1 Mds Pulsenet | 2015-09-23 | 9.0 HIGH | N/A |
| GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | |||||
| CVE-2015-7303 | 1 Avira | 1 Management Console | 2015-09-22 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. | |||||
| CVE-2015-7228 | 1 Restful Project | 1 Restful | 2015-09-21 | 5.0 MEDIUM | N/A |
| The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||