Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1460 |
Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. Published: February 03, 2015; 11:59:32 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1459 |
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. Published: February 03, 2015; 11:59:31 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1458 |
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. Published: February 03, 2015; 11:59:30 AM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-1457 |
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Published: February 03, 2015; 11:59:29 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-1456 |
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. Published: February 03, 2015; 11:59:28 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-1455 |
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. Published: February 03, 2015; 11:59:27 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1441 |
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 03, 2015; 11:59:26 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1433 |
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email. Published: February 03, 2015; 11:59:24 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1428 |
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php. Published: February 03, 2015; 11:59:23 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1405 |
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 03, 2015; 11:59:22 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1404 |
Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 03, 2015; 11:59:21 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1403 |
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 03, 2015; 11:59:20 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1402 |
Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 03, 2015; 11:59:19 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1400 |
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. Published: February 03, 2015; 11:59:16 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1384 |
Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to wp-admin/options-general.php. Published: February 03, 2015; 11:59:14 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1382 |
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. Published: February 03, 2015; 11:59:13 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1381 |
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Published: February 03, 2015; 11:59:12 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1380 |
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Published: February 03, 2015; 11:59:11 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1348 |
Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. Published: February 03, 2015; 11:59:10 AM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-9633 |
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. Published: February 03, 2015; 11:59:09 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |