|
272021
|
- |
|
synology
|
video_station
|
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
|
CWE-77
Command Injection
|
CVE-2015-6912
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272022
|
- |
|
synology
|
video_station
|
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
|
CWE-89
SQL Injection
|
CVE-2015-6911
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272023
|
- |
|
synology
|
video_station
|
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
|
CWE-89
SQL Injection
|
CVE-2015-6910
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272024
|
- |
|
synology
|
download_station
|
Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6909
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272025
|
- |
|
openldap
apple
|
openldap
mac_os_x
|
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER dat…
|
CWE-20
Improper Input Validation
|
CVE-2015-6908
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272026
|
- |
|
siemens
|
ruggedcom_rugged_operating_system
|
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.
|
CWE-284
Improper Access Control
|
CVE-2015-6675
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272027
|
- |
|
moxa
|
eds-405a_firmware
eds-408a_firmware
|
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to i…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6466
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272028
|
- |
|
moxa
|
eds-405a_firmware
eds-408a_firmware
|
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.
|
NVD-CWE-noinfo
|
CVE-2015-6465
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272029
|
- |
|
moxa
|
eds-405a_firmware
eds-408a_firmware
|
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a w…
|
NVD-CWE-noinfo
|
CVE-2015-6464
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272030
|
- |
|
auto-exchanger
|
auto-exchanger
|
Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.
|
CWE-352
Origin Validation Error
|
CVE-2015-6827
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
