Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5075 | Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create. Published: September 29, 2015; 3:59:03 PM -0400 | V3.x: (not available); V2.0: 6.8 MEDIUM |
CVE-2015-5074 | Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. Published: September 29, 2015; 3:59:02 PM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2015-0299 | Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: September 29, 2015; 3:59:00 PM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2015-5711 | TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. Published: September 29, 2015; 2:59:04 PM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2015-5442 | Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. Published: September 29, 2015; 2:59:02 PM -0400 | V3.x: (not available); V2.0: 4.6 MEDIUM |
CVE-2015-0852 | Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. Published: September 29, 2015; 2:59:00 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-6927 | vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel. Published: September 28, 2015; 4:59:09 PM -0400 | V3.x: (not available); V2.0: 3.6 LOW |
CVE-2015-6806 | The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. Published: September 28, 2015; 4:59:06 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-5957 | Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. Published: September 28, 2015; 4:59:04 PM -0400 | V3.x: (not available); V2.0: 10.0 HIGH |
CVE-2015-5400 | Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. Published: September 28, 2015; 4:59:03 PM -0400 | V3.x: (not available); V2.0: 6.8 MEDIUM |
CVE-2015-5185 | The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Published: September 28, 2015; 4:59:01 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Published: September 28, 2015; 4:59:00 PM -0400 | V3.x: (not available); V2.0: 6.8 MEDIUM |
CVE-2015-5703 | SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Published: September 28, 2015; 12:59:09 PM -0400 | V3.x: (not available); V2.0: 6.5 MEDIUM |
CVE-2015-5375 | Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties. Published: September 28, 2015; 12:59:08 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2015-5372 | The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate. Published: September 28, 2015; 12:59:05 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-5279 | Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Published: September 28, 2015; 12:59:02 PM -0400 | V3.x: (not available); V2.0: 7.2 HIGH |
CVE-2015-3203 | Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href parameter. Published: September 28, 2015; 12:59:00 PM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2015-7387 | ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200. Published: September 28, 2015; 11:59:04 AM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2015-7386 | Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields. Published: September 28, 2015; 11:59:03 AM -0400 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2015-6928 | classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. Published: September 28, 2015; 11:59:01 AM -0400 | V3.x: (not available); V2.0: 6.8 MEDIUM |