Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1598 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 2.1 LOW | N/A |
| The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. | |||||
| CVE-2015-1597 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 6.8 MEDIUM | N/A |
| The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. | |||||
| CVE-2014-9369 | 1 Siemens | 6 Spc4000, Spc4000 Firmware, Spc5000 and 3 more | 2015-03-09 | 7.8 HIGH | N/A |
| Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. | |||||
| CVE-2015-0895 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2015-03-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. | |||||
| CVE-2015-0894 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2015-03-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2015-03-06 | 10.0 HIGH | N/A |
| The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |||||
| CVE-2015-0607 | 1 Cisco | 1 Ios | 2015-03-06 | 4.3 MEDIUM | N/A |
| The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. | |||||
| CVE-2014-9688 | 1 Ninjaforms | 1 Ninja Forms | 2015-03-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | |||||
| CVE-2015-2215 | 1 Services Single Sign-on Server Helper Project | 1 Services Single Sign-on Server Helper | 2015-03-05 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | |||||
| CVE-2013-4709 | 1 Iij | 12 Seil\%2fb1 Firmware, Seil\%2fneu 2fe Plus Firmware, Seil\%2fturbo Firmware and 9 more | 2015-03-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware before 2.82, SEIL/X1 with firmware before 4.32, SEIL/X2 with firmware before 4.32, SEIL/B1 with firmware before 4.32, SEIL/Turbo with firmware before 2.16, and SEIL/neu 2FE Plus with firmware before 2.16 allows remote attackers to execute arbitrary code via a crafted L2TP message. | |||||
| CVE-2015-2199 | 1 Wonderplugin | 1 Audio Player | 2015-03-04 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | |||||
| CVE-2015-2197 | 1 Entity Api Project | 1 Entity Api | 2015-03-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. | |||||
| CVE-2015-2198 | 1 Beehive Forum | 1 Beehive Forum | 2015-03-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message. | |||||
| CVE-2015-2196 | 1 Web-dorado | 1 Spider Calendar | 2015-03-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2015-03-04 | 6.5 MEDIUM | N/A |
| Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||||
| CVE-2015-1031 | 1 Privoxy | 1 Privoxy | 2015-03-04 | 7.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-0933 | 1 Sharelatex | 1 Sharelatex | 2015-03-04 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. | |||||
| CVE-2015-0887 | 1 Iij | 8 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 5 more | 2015-03-04 | 7.1 HIGH | N/A |
| npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet. | |||||
| CVE-2015-0631 | 1 Cisco | 12 Ids 4210, Ids 4215, Ids 4220 and 9 more | 2015-03-04 | 7.1 HIGH | N/A |
| Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688. | |||||
| CVE-2015-0881 | 1 Squid-cache | 1 Squid | 2015-03-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | |||||