Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-2986 |
Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 05, 2015; 1:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-2985 |
Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 05, 2015; 1:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-6276 |
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501. Published: September 04, 2015; 10:59:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5986 |
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. Published: September 04, 2015; 10:59:04 PM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2015-5722 |
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. Published: September 04, 2015; 10:59:03 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-2991 |
Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data. Published: September 04, 2015; 10:59:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2990 |
Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. Published: September 04, 2015; 10:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-6812 |
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. Published: September 04, 2015; 1:59:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-6811 |
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. Published: September 04, 2015; 11:59:09 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-6810 |
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. Published: September 04, 2015; 11:59:08 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-6809 |
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection. Published: September 04, 2015; 11:59:06 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-6808 |
Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. Published: September 04, 2015; 11:59:05 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-6807 |
Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label. Published: September 04, 2015; 11:59:04 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-5688 |
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. Published: September 04, 2015; 11:59:02 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5612 |
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. Published: September 04, 2015; 11:59:01 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-9605 |
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate. Published: September 04, 2015; 11:59:00 AM -0400 |
V3.x:(not available) V2.0: 9.4 HIGH |
CVE-2015-6259 |
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. Published: September 03, 2015; 9:59:02 PM -0400 |
V3.x:(not available) V2.0: 9.4 HIGH |
CVE-2015-4544 |
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626. Published: September 03, 2015; 9:59:01 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2015-4538 |
The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: September 03, 2015; 9:59:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-6583 |
Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. Published: September 03, 2015; 6:59:16 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |