|
270351
|
5.4 |
MEDIUM
Network
|
advantech
|
webaccess
|
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3948
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270352
|
8.1 |
HIGH
Network
|
advantech
|
webaccess
|
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-3947
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270353
|
8.8 |
HIGH
Network
|
advantech
|
webaccess
|
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2015-3946
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270354
|
5.3 |
MEDIUM
Network
|
advantech
|
webaccess
|
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-3943
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270355
|
- |
|
acunetix
|
web_vulnerability_scanner
|
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4027
|
2024-11-21 11:30 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270356
|
- |
|
cisco
|
unified_communications_manager
|
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.
|
CWE-79
Cross-site Scripting
|
CVE-2015-4206
|
2024-11-21 11:30 |
2015-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270357
|
- |
|
symantec
|
proxysg_firmware
|
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when u…
|
CWE-200
Information Exposure
|
CVE-2015-4334
|
2024-11-21 11:30 |
2015-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270358
|
- |
|
blackberry
|
enterprise_server
|
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attack…
|
CWE-254
7PK - Security Features
|
CVE-2015-4112
|
2024-11-21 11:30 |
2015-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270359
|
- |
|
schneider-electric
|
imt25_magnetic_flow_dtm
|
Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3977
|
2024-11-21 11:30 |
2015-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270360
|
- |
|
cisco
|
mobility_services_engine
|
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv405…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4282
|
2024-11-21 11:30 |
2015-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
