|
270601
|
- |
|
services_basic_authentication_project
|
services_basic_authentication
|
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4344
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270602
|
- |
|
rle
|
nova-wind_turbine_hmi_firmware
|
RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-3951
|
2024-11-21 11:30 |
2015-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270603
|
- |
|
sinapsi
|
esolar_light_firmware
|
Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page.
|
CWE-200
Information Exposure
|
CVE-2015-3949
|
2024-11-21 11:30 |
2015-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270604
|
- |
|
actian
|
matrix
|
Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table.
|
CWE-89
SQL Injection
|
CVE-2015-3993
|
2024-11-21 11:30 |
2015-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270605
|
- |
|
cisco
|
ios
|
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CS…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4185
|
2024-11-21 11:30 |
2015-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270606
|
- |
|
cisco
|
email_security_appliance
|
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF rec…
|
CWE-20
Improper Input Validation
|
CVE-2015-4184
|
2024-11-21 11:30 |
2015-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270607
|
- |
|
cisco
|
identity_services_engine_software
|
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or chang…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4182
|
2024-11-21 11:30 |
2015-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270608
|
- |
|
strongswan
debian
canonical
|
strongswan_vpn_client
debian_linux
ubuntu_linux
strongswan
|
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication rest…
|
CWE-200
Information Exposure
|
CVE-2015-4171
|
2024-11-21 11:30 |
2015-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270609
|
- |
|
zanematthew
|
zm_ajax_login_\&_register
|
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the templ…
|
CWE-22
Path Traversal
|
CVE-2015-4153
|
2024-11-21 11:30 |
2015-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270610
|
- |
|
wftpserver
|
wing_ftp_server
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrar…
|
CWE-352
Origin Validation Error
|
CVE-2015-4108
|
2024-11-21 11:30 |
2015-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
