|
276221
|
8.4 |
HIGH
Local
|
emc
|
vplex_geosynchrony
|
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6850
|
2024-11-21 11:35 |
2015-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276222
|
9.8 |
CRITICAL
Network
|
ephiphanyheathdata
|
cardio_server
|
The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access…
|
NVD-CWE-Other
|
CVE-2015-6538
|
2024-11-21 11:35 |
2015-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276223
|
9.8 |
CRITICAL
Network
|
epiphanyhealthdata
|
cardio_server
|
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.
|
CWE-89
SQL Injection
|
CVE-2015-6537
|
2024-11-21 11:35 |
2015-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276224
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (applicatio…
|
NVD-CWE-noinfo
|
CVE-2015-6792
|
2024-11-21 11:35 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276225
|
6.7 |
MEDIUM
Local
|
rsa
|
securid_web_agent
|
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
|
CWE-284
Improper Access Control
|
CVE-2015-6851
|
2024-11-21 11:35 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276226
|
5.3 |
MEDIUM
Network
|
eaton
|
proview
|
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attacker…
|
CWE-200
Information Exposure
|
CVE-2015-6471
|
2024-11-21 11:35 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276227
|
8.3 |
HIGH
Network
|
moxa
|
oncell_central_manager
|
The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login se…
|
NVD-CWE-Other
|
CVE-2015-6481
|
2024-11-21 11:35 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276228
|
8.3 |
HIGH
Network
|
moxa
|
oncell_central_manager
|
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrate…
|
CWE-287
Improper Authentication
|
CVE-2015-6480
|
2024-11-21 11:35 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276229
|
7.3 |
HIGH
Network
|
vmware
|
vcenter_orchestrator
vrealize_orchestrator
|
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow…
|
CWE-20
Improper Input Validation
|
CVE-2015-6934
|
2024-11-21 11:35 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276230
|
- |
|
symantec
|
endpoint_encryption
|
EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.
|
CWE-200
Information Exposure
|
CVE-2015-6556
|
2024-11-21 11:35 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
