|
276241
|
- |
|
siemens
|
wincc
|
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime f…
|
CWE-310
Cryptographic Issues
|
CVE-2015-1358
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276242
|
- |
|
siemens
|
simatic_step_7
|
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1356
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276243
|
- |
|
siemens
|
simatic_step_7
|
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting …
|
CWE-310
Cryptographic Issues
|
CVE-2015-1355
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276244
|
- |
|
webform_prepopulate_block_project
|
webform_prepopulate_block
|
Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vec…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1621
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276245
|
- |
|
mcafee
|
email_gateway
|
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allo…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1619
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276246
|
- |
|
mcafee
|
data_loss_prevention_endpoint
|
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.
|
CWE-200
Information Exposure
|
CVE-2015-1618
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276247
|
- |
|
mcafee
|
data_loss_prevention_endpoint
|
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1617
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276248
|
- |
|
mcafee
|
data_loss_prevention_endpoint
|
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified …
|
CWE-89
SQL Injection
|
CVE-2015-1616
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276249
|
- |
|
colorlib
|
fancybox
|
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter i…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1494
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276250
|
- |
|
rhodecode
|
rhodecode_enterprise
|
RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method.
|
CWE-200
Information Exposure
|
CVE-2015-1613
|
2024-11-21 11:25 |
2015-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
