|
273211
|
- |
|
servision
|
hvg_video_gateway_firmware
|
The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HT…
|
CWE-255
Credentials Management
|
CVE-2015-0930
|
2024-11-21 11:24 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273212
|
- |
|
servision
|
hvg_video_gateway_firmware
|
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a c…
|
CWE-284
Improper Access Control
|
CVE-2015-0929
|
2024-11-21 11:24 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273213
|
- |
|
siemens
|
scalance_x-200_series_firmware
|
The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2015-1049
|
2024-11-21 11:24 |
2015-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273214
|
- |
|
labtech_software
|
labtech
|
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.
|
CWE-284
Improper Access Control
|
CVE-2015-0926
|
2024-11-21 11:24 |
2015-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273215
|
- |
|
vmware
|
workstation
esxi
player
|
vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of se…
|
NVD-CWE-noinfo
|
CVE-2015-1044
|
2024-11-21 11:24 |
2015-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273216
|
- |
|
vmware
|
fusion
workstation
player
|
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a gu…
|
CWE-20
Improper Input Validation
|
CVE-2015-1043
|
2024-11-21 11:24 |
2015-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273217
|
- |
|
opensuse
polarssl
|
opensuse
polarssl
|
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows r…
|
NVD-CWE-Other
|
CVE-2015-1182
|
2024-11-21 11:24 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273218
|
- |
|
infinite_automation_systems
|
mango_automation
|
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1179
|
2024-11-21 11:24 |
2015-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273219
|
- |
|
qualiteam
|
x-cart
|
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id par…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1178
|
2024-11-21 11:24 |
2015-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273220
|
- |
|
pxz_project
|
pxz
|
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to byp…
|
CWE-362
Race Condition
|
CVE-2015-1200
|
2024-11-21 11:24 |
2015-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
