Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1053 | Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile. Published: January 16, 2015; 10:59:02 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2014-9600 | Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll. Published: January 16, 2015; 10:59:01 AM -0500 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2014-9599 | Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php. Published: January 16, 2015; 10:59:00 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2014-9596 | Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. Published: January 15, 2015; 6:59:00 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-0591 | Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. Published: January 15, 2015; 5:59:06 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-0588 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Published: January 15, 2015; 5:59:05 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2014-8904 | lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. Published: January 15, 2015; 5:59:03 PM -0500 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2014-8034 | Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. Published: January 15, 2015; 5:59:02 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2014-8022 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. Published: January 15, 2015; 5:59:01 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2014-7881 | Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 15, 2015; 5:59:00 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-1052 | Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php. Published: January 15, 2015; 10:59:32 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-1051 | Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. Published: January 15, 2015; 10:59:31 AM -0500 | V3.x: (not available) V2.0: 5.8 MEDIUM |
CVE-2015-1050 | Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. Published: January 15, 2015; 10:59:30 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-1041 | Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. Published: January 15, 2015; 10:59:29 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-1040 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view. Published: January 15, 2015; 10:59:28 AM -0500 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2015-1039 | Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. Published: January 15, 2015; 10:59:27 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-0552 | Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo." Published: January 15, 2015; 10:59:26 AM -0500 | V3.x: (not available) V2.0: 6.4 MEDIUM |
CVE-2014-9595 | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. Published: January 15, 2015; 10:59:25 AM -0500 | V3.x: (not available) V2.0: 6.5 MEDIUM |
CVE-2014-9594 | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. Published: January 15, 2015; 10:59:24 AM -0500 | V3.x: (not available) V2.0: 6.5 MEDIUM |
CVE-2014-9593 | Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. Published: January 15, 2015; 10:59:23 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |