Vulnerabilities (CVE)

Total 15441 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8520 1 Ibm 1 Tivoli Storage Manager Fastback 2016-11-28 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.
CVE-2015-8519 1 Ibm 1 Tivoli Storage Manager Fastback 2016-11-28 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.
CVE-2015-8521 1 Ibm 1 Tivoli Storage Manager Fastback 2016-11-28 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.
CVE-2015-8267 1 Dovestones 1 Ad Self Password Reset 2016-11-28 7.5 HIGH 10.0 CRITICAL
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.
CVE-2015-7695 2 Debian, Zend 2 Debian Linux, Zend Framework 2016-11-28 7.5 HIGH 9.8 CRITICAL
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
CVE-2015-7930 1 Adcon 1 A840 Telemetry Gateway Base Station Firmware 2016-11-28 10.0 HIGH 10.0 CRITICAL
Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
CVE-2015-7792 1 Corega 1 Cg-wlbargs Firmware 2016-11-28 10.0 HIGH 9.8 CRITICAL
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
CVE-2015-7425 1 Ibm 2 Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware 2016-11-28 10.0 HIGH 10.0 CRITICAL
The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.
CVE-2015-7280 1 Readynet Solutions 2 Wrt300n-dd, Wrt300n-dd Firmware 2016-11-28 10.0 HIGH 9.8 CRITICAL
The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2015-7277 1 Ampedwireless 2 R10000, R10000 Firmware 2016-11-28 9.3 HIGH 9.8 CRITICAL
The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2015-5721 1 Misp-project 1 Malware Information Sharing Platform 2016-11-28 7.5 HIGH 9.8 CRITICAL
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
CVE-2015-5719 1 Misp-project 1 Malware Information Sharing Platform 2016-11-28 10.0 HIGH 9.8 CRITICAL
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
CVE-2014-9902 1 Google 1 Android 2016-11-28 10.0 HIGH 9.8 CRITICAL
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
CVE-2014-9906 2 Dbd-mysql Project, Debian 2 Dbd-mysql, Debian Linux 2016-11-28 10.0 HIGH 9.8 CRITICAL
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
CVE-2014-5414 1 Beckhoff 2 Embedded Pc Images, Twincat 2016-11-28 9.4 HIGH 9.1 CRITICAL
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2014-5415 1 Beckhoff 2 Embedded Pc Images, Twincat 2016-11-28 9.4 HIGH 9.1 CRITICAL
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
CVE-2016-8869 1 Joomla 1 Joomla\! 2016-11-07 7.5 HIGH 9.8 CRITICAL
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
CVE-2015-1000009 1 Google-adsense-and-hotel-booking Project 1 Google-adsense-and-hotel-booking 2016-10-27 6.4 MEDIUM 9.1 CRITICAL
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
CVE-2015-1000000 1 Mailcwp Project 1 Mailcwp 2016-10-27 5.0 MEDIUM 9.8 CRITICAL
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
CVE-2016-8276 1 Huawei 4 Usg2100, Usg2200, Usg5100 and 1 more 2016-10-04 9.3 HIGH 9.8 CRITICAL
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.