|
269391
|
4.3 |
MEDIUM
Network
|
emc
|
secure_remote_services
|
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.
|
CWE-200
Information Exposure
|
CVE-2015-6852
|
2024-11-21 11:35 |
2015-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269392
|
8.4 |
HIGH
Local
|
emc
|
vplex_geosynchrony
|
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6850
|
2024-11-21 11:35 |
2015-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269393
|
9.8 |
CRITICAL
Network
|
ephiphanyheathdata
|
cardio_server
|
The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access…
|
NVD-CWE-Other
|
CVE-2015-6538
|
2024-11-21 11:35 |
2015-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269394
|
9.8 |
CRITICAL
Network
|
epiphanyhealthdata
|
cardio_server
|
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.
|
CWE-89
SQL Injection
|
CVE-2015-6537
|
2024-11-21 11:35 |
2015-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269395
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (applicatio…
|
NVD-CWE-noinfo
|
CVE-2015-6792
|
2024-11-21 11:35 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269396
|
6.7 |
MEDIUM
Local
|
rsa
|
securid_web_agent
|
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
|
CWE-284
Improper Access Control
|
CVE-2015-6851
|
2024-11-21 11:35 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269397
|
5.3 |
MEDIUM
Network
|
eaton
|
proview
|
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attacker…
|
CWE-200
Information Exposure
|
CVE-2015-6471
|
2024-11-21 11:35 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269398
|
8.3 |
HIGH
Network
|
moxa
|
oncell_central_manager
|
The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login se…
|
NVD-CWE-Other
|
CVE-2015-6481
|
2024-11-21 11:35 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269399
|
8.3 |
HIGH
Network
|
moxa
|
oncell_central_manager
|
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrate…
|
CWE-287
Improper Authentication
|
CVE-2015-6480
|
2024-11-21 11:35 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269400
|
7.3 |
HIGH
Network
|
vmware
|
vcenter_orchestrator
vrealize_orchestrator
|
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow…
|
CWE-20
Improper Input Validation
|
CVE-2015-6934
|
2024-11-21 11:35 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
