Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2861 | 1 Vestacp | 1 Vesta Control Panel | 2016-12-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-2946 | 1 Ocf | 1 Sxf Common Library | 2016-12-02 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows remote attackers to execute arbitrary code via a crafted CAD file. | |||||
| CVE-2015-2948 | 1 Zenphoto | 1 Zenphoto | 2016-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2949 | 1 Zenphoto | 1 Zenphoto | 2016-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2950 | 1 Open Explorer Beta Project | 1 Open Explorer Beta | 2016-12-02 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | |||||
| CVE-2015-2951 | 1 F21 | 1 Jwt | 2016-12-02 | 5.0 MEDIUM | N/A |
| JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. | |||||
| CVE-2015-2952 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 6.5 MEDIUM | N/A |
| The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958. | |||||
| CVE-2015-2953 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 5.0 MEDIUM | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958. | |||||
| CVE-2015-2954 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-2955 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 7.5 HIGH | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-2956 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-2957 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2958 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2016-12-02 | 6.4 MEDIUM | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953. | |||||
| CVE-2015-2962 | 1 Cgi Rescue | 1 Blobee | 2016-12-02 | 7.5 HIGH | N/A |
| CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | |||||
| CVE-2015-2963 | 1 Thoughtbot | 1 Paperclip | 2016-12-02 | 4.3 MEDIUM | N/A |
| The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg. | |||||
| CVE-2015-2964 | 1 Namshi | 1 Namshi\/jose | 2016-12-02 | 5.0 MEDIUM | N/A |
| NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header. | |||||
| CVE-2015-2965 | 1 Oscommerce | 1 Oscommerce | 2016-12-02 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-3002 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2016-12-02 | 6.9 MEDIUM | N/A |
| Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device. | |||||
| CVE-2015-3003 | 1 Juniper | 1 Junos | 2016-12-02 | 7.2 HIGH | N/A |
| Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments. | |||||
| CVE-2015-3004 | 1 Juniper | 1 Junos | 2016-12-02 | 4.3 MEDIUM | N/A |
| J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | |||||