|
277801
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2960
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277802
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by l…
|
CWE-284
Improper Access Control
|
CVE-2015-2959
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277803
|
- |
|
redhat
|
thermostat
|
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
|
CWE-200
Information Exposure
|
CVE-2015-3201
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277804
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by lever…
|
CWE-255
Credentials Management
|
CVE-2015-3001
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277805
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2…
|
CWE-399
Resource Management Errors
|
CVE-2015-3000
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277806
|
- |
|
sysaid
|
sysaid
|
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /ge…
|
CWE-89
SQL Injection
|
CVE-2015-2999
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277807
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-IN…
|
CWE-200
Information Exposure
|
CVE-2015-2998
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277808
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal…
|
CWE-200
Information Exposure
|
CVE-2015-2997
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277809
|
- |
|
sysaid
|
sysaid
|
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2…
|
CWE-22
Path Traversal
|
CVE-2015-2996
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277810
|
- |
|
sysaid
|
sysaid
|
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extensi…
|
CWE-22
Path Traversal
|
CVE-2015-2995
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
