|
278921
|
- |
|
openssl
|
openssl
|
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a Certific…
|
CWE-310
Cryptographic Issues
|
CVE-2015-0205
|
2024-11-21 11:22 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278922
|
- |
|
openssl
|
openssl
|
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and fa…
|
CWE-310
Cryptographic Issues
|
CVE-2015-0204
|
2024-11-21 11:22 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278923
|
- |
|
xen
opensuse
|
xen
opensuse
|
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
|
NVD-CWE-Other
|
CVE-2015-0361
|
2024-11-21 11:22 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278924
|
7.5 |
HIGH
Network
|
2pisoftware
|
cmfive
|
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such a…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-9702
|
2024-11-21 11:21 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278925
|
6.1 |
MEDIUM
Network
|
netsweeper
|
netsweeper
|
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in t…
|
CWE-601
Open Redirect
|
CVE-2014-9617
|
2024-11-21 11:21 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278926
|
6.1 |
MEDIUM
Network
|
netsweeper
|
netsweeper
|
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9615
|
2024-11-21 11:21 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278927
|
9.8 |
CRITICAL
Network
|
netsweeper
|
netsweeper
|
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-9614
|
2024-11-21 11:21 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278928
|
9.8 |
CRITICAL
Network
|
netsweeper
|
netsweeper
|
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpi…
|
CWE-89
SQL Injection
|
CVE-2014-9613
|
2024-11-21 11:21 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278929
|
9.8 |
CRITICAL
Network
|
netsweeper
|
netsweeper
|
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via t…
|
CWE-89
SQL Injection
|
CVE-2014-9612
|
2024-11-21 11:21 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278930
|
5.3 |
MEDIUM
Network
|
netsweeper
|
netsweeper
|
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents v…
|
CWE-22
Path Traversal
|
CVE-2014-9609
|
2024-11-21 11:21 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
