|
278401
|
- |
|
php
redhat
apple
|
php
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
enterprise_linux_server_eus
enterprise_linux_hpc_node_eus
enterprise_l…
|
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2783
|
2024-11-21 11:28 |
2015-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278402
|
7.5 |
HIGH
Network
|
lighttpd
hp
oracle
|
lighttpd
virtual_customer_access_system
solaris
|
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a N…
|
CWE-74
Injection
|
CVE-2015-3200
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278403
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2015-2961
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278404
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2960
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278405
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by l…
|
CWE-284
Improper Access Control
|
CVE-2015-2959
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278406
|
- |
|
redhat
|
thermostat
|
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
|
CWE-200
Information Exposure
|
CVE-2015-3201
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278407
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by lever…
|
CWE-255
Credentials Management
|
CVE-2015-3001
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278408
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2…
|
CWE-399
Resource Management Errors
|
CVE-2015-3000
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278409
|
- |
|
sysaid
|
sysaid
|
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /ge…
|
CWE-89
SQL Injection
|
CVE-2015-2999
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278410
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-IN…
|
CWE-200
Information Exposure
|
CVE-2015-2998
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
