Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-74
Total 1786 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0116 1 Ibm 1 Leads 2016-05-26 3.5 LOW N/A
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
CVE-2015-7466 1 Ibm 1 Jazz Reporting Service 2016-01-12 4.0 MEDIUM 3.1 LOW
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors.
CVE-2015-0169 1 Ibm 1 Security Siteprotector System 2015-05-26 4.0 MEDIUM N/A
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors.
CVE-2015-0931 1 Ektron 1 Ektron Content Management System 2015-02-17 6.8 MEDIUM N/A
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
CVE-2015-1169 1 Apereo 1 Central Authentication Service 2015-02-11 7.5 HIGH N/A
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
CVE-2014-8423 1 Arris 1 Vap2500 Firmware 2014-11-28 10.0 HIGH N/A
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.