Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6090 | 1 Ibm | 1 Curam Social Program Management | 2015-04-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-0846 | 1 Django-markupfield Project | 1 Django-markupfield | 2015-04-27 | 5.0 MEDIUM | N/A |
| django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors. | |||||
| CVE-2012-5451 | 1 Tvmobili | 1 Tvmobili | 2015-04-27 | 5.0 MEDIUM | N/A |
| Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888. | |||||
| CVE-2012-2930 | 1 Tinywebgallery | 1 Tinywebgallery | 2015-04-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php. | |||||
| CVE-2011-4403 | 1 Zen-cart | 1 Zen Cart | 2015-04-27 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php. | |||||
| CVE-2015-0911 | 1 Dounokouno | 1 Transmitmail | 2015-04-24 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | |||||
| CVE-2015-0910 | 1 Dounokouno | 1 Transmitmail | 2015-04-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename. | |||||
| CVE-2015-0706 | 1 Cisco | 1 Firesight System Software | 2015-04-23 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. | |||||
| CVE-2015-0707 | 1 Cisco | 1 Firesight System Software | 2015-04-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425. | |||||
| CVE-2015-3379 | 1 Views Project | 1 Views | 2015-04-23 | 4.0 MEDIUM | N/A |
| The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-3342 | 1 Ubercart Currency Conversion Project | 1 Ubercart Currency Conversion | 2015-04-22 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter. | |||||
| CVE-2015-1602 | 1 Siemens | 1 Simatic Step 7 | 2015-04-22 | 2.1 LOW | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | |||||
| CVE-2015-0677 | 1 Cisco | 1 Adaptive Security Appliance Software | 2015-04-22 | 7.8 HIGH | N/A |
| The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290. | |||||
| CVE-2015-0676 | 1 Cisco | 1 Adaptive Security Appliance Software | 2015-04-22 | 7.1 HIGH | N/A |
| The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655. | |||||
| CVE-2013-4866 | 1 Lixil | 1 My Satis Genius Toilet | 2015-04-22 | 3.3 LOW | N/A |
| The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort. | |||||
| CVE-2014-2237 | 1 Openstack | 1 Keystone | 2015-04-22 | 5.0 MEDIUM | N/A |
| The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. | |||||
| CVE-2014-7839 | 1 Redhat | 1 Resteasy | 2015-04-22 | 6.4 MEDIUM | N/A |
| DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | |||||
| CVE-2015-3357 | 1 Wishlist Project | 1 Wishlist | 2015-04-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. | |||||
| CVE-2015-0969 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 5.0 MEDIUM | N/A |
| SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | |||||
| CVE-2015-0968 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. | |||||