Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0723 | 1 Cisco | 1 Unified Communications Manager | 2015-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. | |||||
| CVE-2015-5997 | 1 Impero | 1 Impero Education Pro | 2015-09-16 | 7.8 HIGH | N/A |
| Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data. | |||||
| CVE-2015-5998 | 1 Impero | 1 Impero Education Pro | 2015-09-16 | 10.0 HIGH | N/A |
| Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command. | |||||
| CVE-2015-5197 | 2015-09-15 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2015-6915 | 1 Montala | 1 Resourcespace | 2015-09-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php. | |||||
| CVE-2015-6914 | 1 Mindbite | 1 Sitefactory Cms | 2015-09-14 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx. | |||||
| CVE-2015-6286 | 1 Cisco | 1 Application Visibility And Control | 2015-09-14 | 5.7 MEDIUM | N/A |
| Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016. | |||||
| CVE-2015-5630 | 1 Ntt-bp | 1 Japan Connected-free Wi-fi | 2015-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID. | |||||
| CVE-2015-6466 | 1 Moxa | 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more | 2015-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | |||||
| CVE-2015-6464 | 1 Moxa | 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more | 2015-09-14 | 8.5 HIGH | N/A |
| The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. | |||||
| CVE-2015-5631 | 1 Canon | 1 Pixma Mg7500 Series Inkjet Printer | 2015-09-14 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2015-6921 | 1 Zendesk | 1 Zendesk Feedback Tab | 2015-09-14 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6919 | 1 Googlesearch Project | 1 Googlesearch | 2015-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php. | |||||
| CVE-2015-5226 | 2015-09-12 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2015-5270 | 2015-09-12 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2015-2990 | 1 Neojapan | 1 Desknet Neo | 2015-09-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. | |||||
| CVE-2015-6751 | 1 Time Tracker Project | 1 Time Tracker | 2015-09-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries. | |||||
| CVE-2015-1128 | 1 Apple | 1 Safari | 2015-09-11 | 5.0 MEDIUM | N/A |
| The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | |||||
| CVE-2015-1149 | 1 Apple | 1 Xcode | 2015-09-11 | 7.5 HIGH | N/A |
| Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | |||||
| CVE-2015-1125 | 1 Apple | 1 Iphone Os | 2015-09-11 | 4.3 MEDIUM | N/A |
| The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. | |||||