|
272231
|
- |
|
lenovo
|
thinkserver_system_manager_baseboard_management_controller_firmware
|
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of serv…
|
CWE-20
Improper Input Validation
|
CVE-2015-3323
|
2024-11-21 11:29 |
2015-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272232
|
- |
|
lenovo
|
thinkserver_rd650_firmware
thinkserver_rd650
thinkserver_td350_firmware
thinkserver_td350
thinkserver_rd350_firmware
thinkserver_rd350
thinkserver_rd550_firmware
thinkserver_rd55…
|
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwo…
|
CWE-310
Cryptographic Issues
|
CVE-2015-3322
|
2024-11-21 11:29 |
2015-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272233
|
- |
|
lenovo
|
usb_enhanced_performance_keyboard
|
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.
|
CWE-200
Information Exposure
|
CVE-2015-3320
|
2024-11-21 11:29 |
2015-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272234
|
- |
|
hotspotexpress
|
hotex_billing_manager
|
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script a…
|
CWE-200
Information Exposure
|
CVE-2015-3319
|
2024-11-21 11:29 |
2015-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272235
|
- |
|
fortinet
|
fortimail
|
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.
|
CWE-200
Information Exposure
|
CVE-2015-3293
|
2024-11-21 11:29 |
2015-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272236
|
5.9 |
MEDIUM
Network
|
line
|
line\
|
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be …
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2015-2968
|
2024-11-21 11:28 |
2023-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272237
|
5.3 |
MEDIUM
Network
|
openshift
|
origin
|
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2015-3207
|
2024-11-21 11:28 |
2022-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272238
|
7.2 |
HIGH
Network
|
custom_content_type_manager_project
|
custom_content_type_manager
|
custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.
|
CWE-94
Code Injection
|
CVE-2015-3173
|
2024-11-21 11:28 |
2022-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272239
|
5.4 |
MEDIUM
Network
|
eidogo
|
eidogo
|
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3172
|
2024-11-21 11:28 |
2022-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272240
|
6.5 |
MEDIUM
Network
|
juniper
|
junos
|
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys o…
|
CWE-331
Insufficient Entropy
|
CVE-2015-3006
|
2024-11-21 11:28 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
