|
274151
|
- |
|
siemens
|
simatic_step_7
|
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1356
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274152
|
- |
|
siemens
|
simatic_step_7
|
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting …
|
CWE-310
Cryptographic Issues
|
CVE-2015-1355
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274153
|
- |
|
webform_prepopulate_block_project
|
webform_prepopulate_block
|
Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vec…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1621
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274154
|
- |
|
mcafee
|
email_gateway
|
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allo…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1619
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274155
|
- |
|
mcafee
|
data_loss_prevention_endpoint
|
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.
|
CWE-200
Information Exposure
|
CVE-2015-1618
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274156
|
- |
|
mcafee
|
data_loss_prevention_endpoint
|
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1617
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274157
|
- |
|
mcafee
|
data_loss_prevention_endpoint
|
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified …
|
CWE-89
SQL Injection
|
CVE-2015-1616
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274158
|
- |
|
colorlib
|
fancybox
|
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter i…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1494
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274159
|
- |
|
rhodecode
|
rhodecode_enterprise
|
RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method.
|
CWE-200
Information Exposure
|
CVE-2015-1613
|
2024-11-21 11:25 |
2015-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274160
|
- |
|
solarwinds
|
server_and_application_monitor
|
The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafte…
|
CWE-94
Code Injection
|
CVE-2015-1501
|
2024-11-21 11:25 |
2015-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
