|
277691
|
3.7 |
LOW
Network
|
rubyonrails
|
ruby_on_rails
rails
|
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22…
|
CWE-254
7PK - Security Features
|
CVE-2015-7576
|
2024-11-21 11:37 |
2016-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277692
|
5.3 |
MEDIUM
Network
|
ipswitch
|
moveit_dmz
|
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a s…
|
CWE-200
Information Exposure
|
CVE-2015-7680
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277693
|
6.1 |
MEDIUM
Network
|
ipswitch
|
moveit_mobile
|
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.
|
CWE-79
Cross-site Scripting
|
CVE-2015-7679
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277694
|
8.8 |
HIGH
Network
|
ipswitch
|
moveit_mobile
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vecto…
|
CWE-352
Origin Validation Error
|
CVE-2015-7678
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277695
|
4.3 |
MEDIUM
Network
|
ipswitch
|
moveit_dmz
|
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the …
|
CWE-200
Information Exposure
|
CVE-2015-7677
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277696
|
6.5 |
MEDIUM
Network
|
ipswitch
|
moveit_mobile
moveit_dmz
|
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID i…
|
CWE-200
Information Exposure
|
CVE-2015-7675
|
2024-11-21 11:37 |
2016-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277697
|
6.5 |
MEDIUM
Network
|
sauter-controls
|
moduweb_vision
|
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
|
CWE-79
Cross-site Scripting
|
CVE-2015-7916
|
2024-11-21 11:37 |
2016-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277698
|
9.8 |
CRITICAL
Network
|
sauter
|
moduweb_vision
|
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
|
CWE-255
CWE-200
Credentials Management
Information Exposure
|
CVE-2015-7915
|
2024-11-21 11:37 |
2016-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277699
|
8.1 |
HIGH
Network
|
sauter
|
moduweb_vision
|
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.
|
CWE-287
CWE-254
Improper Authentication
7PK - Security Features
|
CVE-2015-7914
|
2024-11-21 11:37 |
2016-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277700
|
9.0 |
CRITICAL
Network
|
westermo
|
weos
|
Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanism…
|
CWE-310
Cryptographic Issues
|
CVE-2015-7923
|
2024-11-21 11:37 |
2016-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
