|
277861
|
- |
|
apple
|
tvos
iphone_os
|
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context …
|
CWE-20
Improper Input Validation
|
CVE-2015-1086
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277862
|
- |
|
apple
|
iphone_os
|
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1085
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277863
|
- |
|
qualiteam
|
x-cart
|
X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0951
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277864
|
- |
|
qualiteam
|
x-cart
|
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0950
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277865
|
- |
|
antlabs
|
inngate_ig_3.10_g
inngate_ig_3.10_e
inngate_ig_3.00_e
inngate_ig_3.01_e
inngate_ig_3100
inngate_ig_3101
inngate_ig_3.02_e
|
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0932
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277866
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.
|
CWE-255
Credentials Management
|
CVE-2015-0995
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277867
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.
|
CWE-254
7PK - Security Features
|
CVE-2015-0994
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277868
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
|
CWE-254
7PK - Security Features
|
CVE-2015-0993
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277869
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-0992
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277870
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.
|
CWE-200
Information Exposure
|
CVE-2015-0991
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
