|
271951
|
- |
|
websense
|
v-series_appliances triton_ap_data triton_ap_web triton_ap_email
|
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Securi…
|
CWE-200
Information Exposure
|
CVE-2015-2748
|
2024-11-21 11:27 |
2015-03-26 |
|
|
|
|
271952
|
- |
|
websense
|
v-series_appliances triton
|
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2015-2747
|
2024-11-21 11:27 |
2015-03-26 |
|
|
|
|
271953
|
- |
|
websense
|
v-series_appliances triton
|
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticat…
|
CWE-77
Command Injection
|
CVE-2015-2746
|
2024-11-21 11:27 |
2015-03-26 |
|
|
|
|
271954
|
- |
|
citrix
|
command_center
|
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execut…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2683
|
2024-11-21 11:27 |
2015-03-26 |
|
|
|
|
271955
|
- |
|
citrix
|
command_center
|
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
|
CWE-17
Code
|
CVE-2015-2682
|
2024-11-21 11:27 |
2015-03-26 |
|
|
|
|
271956
|
- |
|
websense
|
triton_ap_web v-series_appliances
|
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-use…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2703
|
2024-11-21 11:27 |
2015-03-25 |
|
|
|
|
271957
|
- |
|
websense
|
triton_ap_data triton_ap_web v-series_appliances triton_ap_email
|
Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2702
|
2024-11-21 11:27 |
2015-03-25 |
|
|
|
|
271958
|
- |
|
cs-cart
|
cs-cart
|
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-updat…
|
CWE-352
Origin Validation Error
|
CVE-2015-2701
|
2024-11-21 11:27 |
2015-03-25 |
|
|
|
|
271959
|
- |
|
debian drupal
|
debian_linux drupal
|
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a craf…
|
CWE-284
Improper Access Control
|
CVE-2015-2559
|
2024-11-21 11:27 |
2015-03-25 |
|
|
|
|
271960
|
- |
|
fedoraproject debian opensuse djangoproject oracle canonical
|
fedora debian_linux opensuse django solaris ubuntu_linux
|
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to c…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2317
|
2024-11-21 11:27 |
2015-03-25 |
|
|
|