|
268631
|
6.5 |
MEDIUM
Network
|
cisco
|
unified_communications_manager
|
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
|
CWE-89
SQL Injection
|
CVE-2015-6433
|
2024-11-21 11:34 |
2016-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268632
|
7.5 |
HIGH
Network
|
cisco
|
ios_xr
|
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows…
|
CWE-399
Resource Management Errors
|
CVE-2015-6432
|
2024-11-21 11:34 |
2016-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268633
|
8.8 |
HIGH
Network
|
zyxel
|
gs1900-10hp_firmware
|
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2015-5990
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268634
|
9.8 |
CRITICAL
Network
|
zyxel
|
gs1900-10hp_firmware
|
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5989
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268635
|
9.8 |
CRITICAL
Network
|
zyxel
|
gs1900-10hp_firmware
|
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
|
CWE-255
Credentials Management
|
CVE-2015-5988
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268636
|
8.6 |
HIGH
Network
|
zyxel
|
gs1900-10hp_firmware
|
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by pred…
|
NVD-CWE-Other
|
CVE-2015-5987
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268637
|
8.0 |
HIGH
Adjacent
|
zyxel
|
pmg5318-b20a_firmware
|
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6020
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268638
|
8.5 |
HIGH
Network
|
zyxel
|
pmg5318-b20a_firmware
|
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by…
|
NVD-CWE-Other
|
CVE-2015-6019
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268639
|
9.8 |
CRITICAL
Network
|
zyxel
|
pmg5318-b20a_firmware
|
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6018
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268640
|
6.1 |
MEDIUM
Network
|
zyxel
|
p-660hw-t1_v2_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via t…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6017
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
