
5900 matches found

NVD
added 2015/09/28 2:59 a.m., 15 views

CVE-2015-6463

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in...

5.8 CVSS, 6.9 AI score, 0.00126 EPSS
Exploits: 0, References: 1
Prion
added 2015/09/28 2:59 a.m., 17 views

Xxe

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in...

5.8 CVSS, 7.4 AI score, 0.00126 EPSS
Exploits: 0, References: 1
Cvelist
added 2015/09/28 1:0 a.m., 19 views

CVE-2015-6463

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in...

6.9 AI score, 0.00126 EPSS
Exploits: 0, References: 1
CVE
added 2015/09/28 1:0 a.m., 49 views

CVE-2015-6463

CVE-2015-6463 concerns CodeWrights HART Comm DTM components used with Endress+Hauser FieldCare. The vulnerability arises from processing a longtag XML schema containing an external entity declaration and an entity reference (XXE), enabling a remote attacker to read arbitrary files, issue HTTP req...

5.8 CVSS, 7.1 AI score, 0.00126 EPSS
Exploits: 0, References: 1, Affected Software: 2
erpscan
added 2015/09/28 12:0 a.m., 24 views

SAP HANA hdbxsengine JSON - DoS

Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://www.sap.com Bugs: DoS Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: DoS Impact:...

0.3 AI score
Exploits: 0
Packet Storm
added 2015/09/28 12:0 a.m., 41 views

Mango Automation 2.6.0 SQL Query Cross Site Request Forgery

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application that allo...

0.8 AI score
Exploits: 0
Zero Science Lab
added 2015/09/26 12:0 a.m., 126 views

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...

6.5 CVSS, 6.1 AI score, 0.00666 EPSS
Exploits: 1
Zero Science Lab
added 2015/09/26 12:0 a.m., 52 views

Centreon 2.6.1 CSRF Add Admin Exploit

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The application allows users to perform certain actions via HTTP requests without performing any validity chec...

5.8 AI score
Exploits: 0
BDU FSTEC
added 2015/09/15 12:0 a.m., 4 views

The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows an intruder to execute arbitrary commands on the operating system.

The vulnerability of the Microprogrammed Software of the Cisco TelePresence Video Communication Server exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands using a specially crafted HTTP reques...

4 CVSS, 5.9 AI score, 0.00243 EPSS
Exploits: 0, References: 2
NVD
added 2015/09/14 1:59 a.m., 18 views

CVE-2015-6288

Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620...

5 CVSS, 6.7 AI score, 0.00712 EPSS
Exploits: 0, References: 2
Prion
added 2015/09/14 1:59 a.m., 14 views

Code injection

Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620...

5 CVSS, 7.2 AI score, 0.00712 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2015/09/14 1:0 a.m., 42 views

CVE-2015-6288

CVE-2015-6288 affects Cisco Content Security Management Appliance (SMA) 7.8.0-000. The issue is a web-interface vulnerability where insufficient validation of credentials for incoming HTTP requests allows unauthenticated remote attackers to trigger a denial-of-service via rapid log-file rollover,...

5 CVSS, 6.9 AI score, 0.00712 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2015/09/14 1:0 a.m., 23 views

CVE-2015-6288

Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620...

6.7 AI score, 0.00712 EPSS
Exploits: 0, References: 2
NVD
added 2015/09/04 1:59 a.m., 21 views

CVE-2015-6259

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

9.4 CVSS, 6.8 AI score, 0.01714 EPSS
Exploits: 0, References: 2
Prion
added 2015/09/04 1:59 a.m., 17 views

Code injection

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

9.4 CVSS, 7.3 AI score, 0.01714 EPSS
Exploits: 0, References: 2, Affected Software: 2
CVE
added 2015/09/04 1:0 a.m., 60 views

CVE-2015-6259

CVE-2015-6259 affects Cisco Integrated Management Controller (IMC) Supervisor prior to 1.0.0.1 and Cisco UCS Director prior to 5.2.0.1. The JSP component enables remote attackers to overwrite arbitrary files via crafted HTTP requests, a vulnerability tracked as CSCus36435/CSCus62625. The issue is...

9.4 CVSS, 7 AI score, 0.01714 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2015/09/04 1:0 a.m., 24 views

CVE-2015-6259

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

6.8 AI score, 0.01714 EPSS
Exploits: 0, References: 2
ThreatPost
added 2015/09/03 1:40 p.m., 7 views

Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controller Supervisor and UCS Director software. The...

1.9 AI score
Exploits: 0, References: 1
Hacker One
added 2015/08/29 8:2 p.m., 18 views

ownCloud: apps.owncloud.com: Potential XSS

@alaarfaoui reported an issue potentially leading to a XSS vulnerability when an attacker is able to intercept and modify unencrypted HTTP requests. As of request by the reporter this issue has been only disclosed limited. Potential XSS Vulnerability was found. Able to steal the victim's session...

1 AI score
Exploits: 0
Fedora
added 2015/08/27 11:52 p.m., 38 views

[SECURITY] Fedora 21 Update: php-guzzle-Guzzle-3.9.3-5.fc21

Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators...

6.8 CVSS, 8.7 AI score, 0.39093 EPSS
Exploits: 7