|
268471
|
9.8 |
CRITICAL
Network
|
zyxel
|
pmg5318-b20a_firmware
|
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6018
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268472
|
6.1 |
MEDIUM
Network
|
zyxel
|
p-660hw-t1_v2_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via t…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6017
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268473
|
9.8 |
CRITICAL
Network
|
zyxel
|
nbg-418n
zynos_firmware
pmg5318-b20a_firmware
|
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows re…
|
CWE-255
Credentials Management
|
CVE-2015-6016
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268474
|
8.8 |
HIGH
Network
|
mediabridge
|
medialink_mwn-wapr300n_firmware
|
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2015-5996
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268475
|
9.8 |
CRITICAL
Network
|
tenda
mediabridge
|
n3_wireless_n150
medialink_mwn-wapr300n_firmware
|
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Coo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5995
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268476
|
6.8 |
MEDIUM
Adjacent
|
mediabridge
|
medialink_mwn-wapr300n_firmware
|
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the media…
|
CWE-255
Credentials Management
|
CVE-2015-5994
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268477
|
6.5 |
MEDIUM
Network
|
progress
|
whatsup_gold
|
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.a…
|
CWE-89
SQL Injection
|
CVE-2015-6004
|
2024-11-21 11:34 |
2015-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268478
|
6.9 |
MEDIUM
Network
|
progress
|
whatsup_gold
|
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap mes…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6005
|
2024-11-21 11:34 |
2015-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268479
|
5.9 |
MEDIUM
Network
|
cisco
|
jabber
|
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSC…
|
CWE-200
Information Exposure
|
CVE-2015-6409
|
2024-11-21 11:34 |
2015-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268480
|
6.5 |
MEDIUM
Adjacent
|
cisco
|
ios_xe
|
Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.
|
CWE-399
Resource Management Errors
|
CVE-2015-6431
|
2024-11-21 11:34 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
