|
272621
|
6.1 |
MEDIUM
Network
|
microsoft
|
sharepoint_foundation
sharepoint_server
|
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) a…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6117
|
2024-11-21 11:34 |
2016-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272622
|
6.1 |
MEDIUM
Network
|
cisco
|
prime_infrastructure
|
Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted we…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6434
|
2024-11-21 11:34 |
2016-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272623
|
6.5 |
MEDIUM
Network
|
cisco
|
unified_communications_manager
|
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
|
CWE-89
SQL Injection
|
CVE-2015-6433
|
2024-11-21 11:34 |
2016-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272624
|
7.5 |
HIGH
Network
|
cisco
|
ios_xr
|
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows…
|
CWE-399
Resource Management Errors
|
CVE-2015-6432
|
2024-11-21 11:34 |
2016-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272625
|
8.8 |
HIGH
Network
|
zyxel
|
gs1900-10hp_firmware
|
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2015-5990
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272626
|
9.8 |
CRITICAL
Network
|
zyxel
|
gs1900-10hp_firmware
|
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5989
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272627
|
9.8 |
CRITICAL
Network
|
zyxel
|
gs1900-10hp_firmware
|
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
|
CWE-255
Credentials Management
|
CVE-2015-5988
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272628
|
8.6 |
HIGH
Network
|
zyxel
|
gs1900-10hp_firmware
|
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by pred…
|
NVD-CWE-Other
|
CVE-2015-5987
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272629
|
8.0 |
HIGH
Adjacent
|
zyxel
|
pmg5318-b20a_firmware
|
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6020
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272630
|
8.5 |
HIGH
Network
|
zyxel
|
pmg5318-b20a_firmware
|
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by…
|
NVD-CWE-Other
|
CVE-2015-6019
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
