|
274581
|
- |
|
thycotic
|
secret_server
|
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-4094
|
2024-11-21 11:30 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274582
|
- |
|
sensiolabs
|
symfony
|
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if …
|
CWE-284
Improper Access Control
|
CVE-2015-4050
|
2024-11-21 11:30 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274583
|
- |
|
djangoproject
|
django
|
The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the …
|
NVD-CWE-Other
|
CVE-2015-3982
|
2024-11-21 11:30 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274584
|
- |
|
ids
|
nc854
nc856
|
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web s…
|
CWE-22
Path Traversal
|
CVE-2015-3939
|
2024-11-21 11:30 |
2015-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274585
|
- |
|
blue_coat
|
ssl_visibility_appliance_sv1800_firmware
ssl_visibility_appliance_sv800_firmware
ssl_visibility_appliance_sv3800_firmware
ssl_visibility_appliance_sv2800_firmware
|
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administ…
|
CWE-200
Information Exposure
|
CVE-2015-4138
|
2024-11-21 11:30 |
2015-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274586
|
- |
|
arcserve
|
arcserve_unified_data_protection
|
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolic…
|
CWE-200
Information Exposure
|
CVE-2015-4069
|
2024-11-21 11:30 |
2015-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274587
|
- |
|
dell
|
netvault_backup
|
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which trig…
|
CWE-189
Numeric Errors
|
CVE-2015-4067
|
2024-11-21 11:30 |
2015-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274588
|
- |
|
wavelink
|
connectpro
|
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-4060
|
2024-11-21 11:30 |
2015-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274589
|
- |
|
wavelink
|
terminal_emulation
|
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-4059
|
2024-11-21 11:30 |
2015-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274590
|
- |
|
ipsec-tools
canonical
fedoraproject
f5
debian
|
ipsec-tools
ubuntu_linux
fedora
big-ip_application_acceleration_manager
big-ip_local_traffic_manager
big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_access_policy_manage…
|
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-4047
|
2024-11-21 11:30 |
2015-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
