|
272811
|
7.5 |
HIGH
Network
|
lighttpd
hp
oracle
|
lighttpd
virtual_customer_access_system
solaris
|
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a N…
|
CWE-74
Injection
|
CVE-2015-3200
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272812
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2015-2961
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272813
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2960
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272814
|
- |
|
zohocorp
|
manageengine_netflow_analyzer
|
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by l…
|
CWE-284
Improper Access Control
|
CVE-2015-2959
|
2024-11-21 11:28 |
2015-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272815
|
- |
|
redhat
|
thermostat
|
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
|
CWE-200
Information Exposure
|
CVE-2015-3201
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272816
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by lever…
|
CWE-255
Credentials Management
|
CVE-2015-3001
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272817
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2…
|
CWE-399
Resource Management Errors
|
CVE-2015-3000
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272818
|
- |
|
sysaid
|
sysaid
|
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /ge…
|
CWE-89
SQL Injection
|
CVE-2015-2999
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272819
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-IN…
|
CWE-200
Information Exposure
|
CVE-2015-2998
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272820
|
- |
|
sysaid
|
sysaid
|
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal…
|
CWE-200
Information Exposure
|
CVE-2015-2997
|
2024-11-21 11:28 |
2015-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
