Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1516 | 1 Polycom | 1 Realpresence Cloudaxis Suite | 2015-09-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5510 | 1 Content Construction Kit Project | 1 Content Construction Kit | 2015-09-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages. | |||||
| CVE-2015-5503 | 1 Chamilo Integration Project | 1 Chamilo Integration | 2015-09-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | |||||
| CVE-2015-5487 | 1 Techsmith | 1 Camtasia Relay | 2015-09-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. | |||||
| CVE-2015-5498 | 1 Shipwire Api Project | 1 Shipwire Api | 2015-09-03 | 5.0 MEDIUM | N/A |
| The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. | |||||
| CVE-2015-4289 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2015-09-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. | |||||
| CVE-2015-4286 | 1 Cisco | 1 Unified Computing System Central Software | 2015-09-03 | 5.0 MEDIUM | N/A |
| The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||||
| CVE-2015-4285 | 1 Cisco | 1 Ios Xr | 2015-09-03 | 5.0 MEDIUM | N/A |
| The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. | |||||
| CVE-2014-8488 | 2 Fedoraproject, Yourls | 2 Fedora, Yourls | 2015-09-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality. | |||||
| CVE-2014-4955 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. | |||||
| CVE-2002-2445 | 1 Gehealthcare | 3 Millennium Mg, Millennium Myosight, Millennium Nc | 2015-09-03 | 10.0 HIGH | N/A |
| GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. | |||||
| CVE-2014-4954 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. | |||||
| CVE-2011-2687 | 1 Drupal | 1 Drupal | 2015-09-03 | 7.5 HIGH | N/A |
| Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table. | |||||
| CVE-2011-1763 | 1 Xen | 1 Xen | 2015-09-03 | 7.7 HIGH | N/A |
| The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port. | |||||
| CVE-2015-6587 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2015-09-02 | 4.0 MEDIUM | N/A |
| The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. | |||||
| CVE-2014-4848 | 1 Blogstand Banner Plugin Project | 1 Blogstand-smart-banner | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php. | |||||
| CVE-2014-5317 | 1 Php365 | 4 365 Links, 365 Links2, 365 Links\+ and 1 more | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4846 | 1 Matchalabs | 1 Metaslider | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php. | |||||
| CVE-2014-4847 | 1 Buffercode | 1 Random Banner | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php. | |||||
| CVE-2015-6727 | 2 Canonical, Mediawiki | 2 Ubuntu Linux, Mediawiki | 2015-09-02 | 5.0 MEDIUM | N/A |
| The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | |||||