Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6011 | 1 Refbase | 1 Refbase | 2015-09-29 | 5.0 MEDIUM | N/A |
| Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php. | |||||
| CVE-2015-1317 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2015-09-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | |||||
| CVE-2014-9403 | 1 Znc | 1 Znc | 2015-09-29 | 4.0 MEDIUM | N/A |
| The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error. | |||||
| CVE-2015-6456 | 1 Ge | 1 Mds Pulsenet | 2015-09-23 | 9.0 HIGH | N/A |
| GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | |||||
| CVE-2015-7303 | 1 Avira | 1 Management Console | 2015-09-23 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. | |||||
| CVE-2015-7228 | 1 Restful Project | 1 Restful | 2015-09-22 | 5.0 MEDIUM | N/A |
| The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-6967 | 1 Nibbleblog | 1 Nibbleblog | 2015-09-17 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php. | |||||
| CVE-2015-0512 | 1 Emc | 1 Unisphere Central | 2015-09-17 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | |||||
| CVE-2015-0581 | 1 Cisco | 1 Prime Service Catalog | 2015-09-17 | 7.5 HIGH | N/A |
| The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880. | |||||
| CVE-2015-6968 | 1 S9y | 1 Serendipity | 2015-09-16 | 6.5 MEDIUM | N/A |
| Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension. | |||||
| CVE-2015-5997 | 1 Impero | 1 Impero Education Pro | 2015-09-16 | 7.8 HIGH | N/A |
| Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data. | |||||
| CVE-2015-1063 | 1 Apple | 1 Iphone Os | 2015-09-11 | 7.8 HIGH | N/A |
| CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. | |||||
| CVE-2015-0133 | 1 Ibm | 1 Websphere Commerce | 2015-09-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-2130 | 1 Znc | 1 Znc | 2015-09-10 | 4.0 MEDIUM | N/A |
| ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. | |||||
| CVE-2015-5510 | 1 Content Construction Kit Project | 1 Content Construction Kit | 2015-09-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages. | |||||
| CVE-2015-5503 | 1 Chamilo Integration Project | 1 Chamilo Integration | 2015-09-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | |||||
| CVE-2015-2904 | 1 Actiontec | 2 Ncs01 Firmware, Gt784wn Wireless N Dsl Modem | 2015-08-24 | 8.3 HIGH | N/A |
| Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. | |||||
| CVE-2015-5681 | 1 Wpslideshow | 1 Powerplay Gallery | 2015-08-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/. | |||||
| CVE-2014-9207 | 1 Cimon | 2 Cmnview, Ultimateaccess | 2015-08-06 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2015-5359 | 1 Juniper | 1 Junos | 2015-07-16 | 7.1 HIGH | N/A |
| Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values. | |||||