|
267411
|
5.3 |
MEDIUM
Network
|
rubyonrails
|
ruby_on_rails
rails
|
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta…
|
CWE-284
Improper Access Control
|
CVE-2015-7577
|
2024-11-21 11:37 |
2016-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267412
|
3.7 |
LOW
Network
|
rubyonrails
|
ruby_on_rails
rails
|
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22…
|
CWE-254
7PK - Security Features
|
CVE-2015-7576
|
2024-11-21 11:37 |
2016-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267413
|
5.3 |
MEDIUM
Network
|
ipswitch
|
moveit_dmz
|
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a s…
|
CWE-200
Information Exposure
|
CVE-2015-7680
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267414
|
6.1 |
MEDIUM
Network
|
ipswitch
|
moveit_mobile
|
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.
|
CWE-79
Cross-site Scripting
|
CVE-2015-7679
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267415
|
8.8 |
HIGH
Network
|
ipswitch
|
moveit_mobile
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vecto…
|
CWE-352
Origin Validation Error
|
CVE-2015-7678
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267416
|
4.3 |
MEDIUM
Network
|
ipswitch
|
moveit_dmz
|
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the …
|
CWE-200
Information Exposure
|
CVE-2015-7677
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267417
|
6.5 |
MEDIUM
Network
|
ipswitch
|
moveit_mobile
moveit_dmz
|
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID i…
|
CWE-200
Information Exposure
|
CVE-2015-7675
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267418
|
6.5 |
MEDIUM
Network
|
sauter-controls
|
moduweb_vision
|
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
|
CWE-79
Cross-site Scripting
|
CVE-2015-7916
|
2024-11-21 11:37 |
2016-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267419
|
9.8 |
CRITICAL
Network
|
sauter
|
moduweb_vision
|
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
|
CWE-255
CWE-200
Credentials Management
Information Exposure
|
CVE-2015-7915
|
2024-11-21 11:37 |
2016-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267420
|
8.1 |
HIGH
Network
|
sauter
|
moduweb_vision
|
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.
|
CWE-287
CWE-254
Improper Authentication
7PK - Security Features
|
CVE-2015-7914
|
2024-11-21 11:37 |
2016-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
