Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6967 | 1 Nibbleblog | 1 Nibbleblog | 2015-09-17 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php. | |||||
| CVE-2015-0512 | 1 Emc | 1 Unisphere Central | 2015-09-17 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | |||||
| CVE-2015-0581 | 1 Cisco | 1 Prime Service Catalog | 2015-09-17 | 7.5 HIGH | N/A |
| The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880. | |||||
| CVE-2015-6968 | 1 S9y | 1 Serendipity | 2015-09-16 | 6.5 MEDIUM | N/A |
| Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension. | |||||
| CVE-2015-5997 | 1 Impero | 1 Impero Education Pro | 2015-09-16 | 7.8 HIGH | N/A |
| Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data. | |||||
| CVE-2015-1063 | 1 Apple | 1 Iphone Os | 2015-09-11 | 7.8 HIGH | N/A |
| CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. | |||||
| CVE-2015-0133 | 1 Ibm | 1 Websphere Commerce | 2015-09-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-2130 | 1 Znc | 1 Znc | 2015-09-10 | 4.0 MEDIUM | N/A |
| ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. | |||||
| CVE-2015-5510 | 1 Content Construction Kit Project | 1 Content Construction Kit | 2015-09-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages. | |||||
| CVE-2015-5503 | 1 Chamilo Integration Project | 1 Chamilo Integration | 2015-09-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | |||||
| CVE-2015-2904 | 1 Actiontec | 2 Ncs01 Firmware, Gt784wn Wireless N Dsl Modem | 2015-08-24 | 8.3 HIGH | N/A |
| Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. | |||||
| CVE-2015-5681 | 1 Wpslideshow | 1 Powerplay Gallery | 2015-08-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/. | |||||
| CVE-2014-2283 | 1 Wireshark | 1 Wireshark | 2015-08-12 | 4.3 MEDIUM | N/A |
| epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. | |||||
| CVE-2014-9207 | 1 Cimon | 2 Cmnview, Ultimateaccess | 2015-08-06 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2015-5359 | 1 Juniper | 1 Junos | 2015-07-16 | 7.1 HIGH | N/A |
| Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values. | |||||
| CVE-2014-9737 | 1 Language Switcher Dropdown Project | 1 Language Switcher Dropdown | 2015-07-08 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block. | |||||
| CVE-2015-4363 | 1 Finder Project | 1 Finder | 2015-06-30 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-0196 | 1 Ibm | 1 Websphere Commerce | 2015-06-29 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2015-0126 | 1 Ibm | 1 Leads | 2015-06-29 | 6.5 MEDIUM | N/A |
| IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension. | |||||
| CVE-2015-4371 | 1 Perfecto Project | 1 Perfecto | 2015-06-26 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | |||||
