Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6463 | 2 Codewrights, Endress\+hauser | 2 Hart Comm Dtm, Hart Comm Dtm | 2015-09-29 | 5.8 MEDIUM | N/A |
CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2015-7386 | 1 Ghozylab | 1 Gallery - Photo Albums - Portfolio | 2015-09-29 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields. | |||||
CVE-2014-3871 | 1 Geodesicsolutions | 1 Geocore Max | 2015-09-29 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823. | |||||
CVE-2014-3872 | 1 D-link | 2 Dap-1350, Dap-1350 Firmware | 2015-09-29 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | |||||
CVE-2012-6467 | 1 Opera | 1 Opera Browser | 2015-09-29 | 4.3 MEDIUM | N/A |
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012. | |||||
CVE-2015-7383 | 1 Refbase | 1 Refbase | 2015-09-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php. | |||||
CVE-2015-7382 | 1 Refbase | 1 Refbase | 2015-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009. | |||||
CVE-2015-7375 | 1 Indusoft | 1 Web Studio | 2015-09-28 | 7.5 HIGH | N/A |
Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file. | |||||
CVE-2015-7381 | 1 Refbase | 1 Refbase | 2015-09-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | |||||
CVE-2015-6474 | 1 Ibc Solar | 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ | 2015-09-28 | 5.0 MEDIUM | N/A |
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code. | |||||
CVE-2015-6475 | 1 Ibc Solar | 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ | 2015-09-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-6470 | 1 Resource Data Management Data Manager | 1 Data Manager | 2015-09-28 | 5.5 MEDIUM | N/A |
Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors. | |||||
CVE-2015-6469 | 1 Ibc Solar | 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ | 2015-09-28 | 5.0 MEDIUM | N/A |
The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors. | |||||
CVE-2015-6468 | 1 Resource Data Management Data Manager | 1 Data Manager | 2015-09-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2015-6454 | 1 Everest | 1 Peakhmi | 2015-09-28 | 5.0 MEDIUM | N/A |
Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service (incorrect pointer dereference and daemon crash) via a crafted packet. | |||||
CVE-2015-6012 | 1 Refbase | 1 Refbase | 2015-09-28 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter. | |||||
CVE-2015-6011 | 1 Refbase | 1 Refbase | 2015-09-28 | 5.0 MEDIUM | N/A |
Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php. | |||||
CVE-2015-6010 | 1 Refbase | 1 Refbase | 2015-09-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php. | |||||
CVE-2015-6007 | 1 Refbase | 1 Refbase | 2015-09-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-2349 | 1 Superwebmailer | 1 Superwebmailer | 2015-09-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter. |