|
277391
|
- |
|
qualiteam
|
x-cart
|
X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0951
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277392
|
- |
|
qualiteam
|
x-cart
|
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0950
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277393
|
- |
|
antlabs
|
inngate_ig_3.10_g
inngate_ig_3.10_e
inngate_ig_3.00_e
inngate_ig_3.01_e
inngate_ig_3100
inngate_ig_3101
inngate_ig_3.02_e
|
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0932
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277394
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.
|
CWE-255
Credentials Management
|
CVE-2015-0995
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277395
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.
|
CWE-254
7PK - Security Features
|
CVE-2015-0994
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277396
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
|
CWE-254
7PK - Security Features
|
CVE-2015-0993
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277397
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-0992
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277398
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.
|
CWE-200
Information Exposure
|
CVE-2015-0991
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277399
|
- |
|
ecava
|
integraxor
|
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.
|
NVD-CWE-Other
|
CVE-2015-0990
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277400
|
- |
|
inductiveautomation
|
ignition
|
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0976
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
