
1161 matches found

CNVD
added 2015/06/29 12:0 a.m. · 3 views

Cisco Unified MeetingPlace SQL Injection Vulnerability (CNVD-2015-04162)

Cisco Unified MeetingPlace conferencing solutions allow organizations to host integrated voice, video, and web conferences. A SQL injection vulnerability exists in Cisco Unified MeetingPlace because the program fails to properly validate user input within a SQL query. An authenticated, remote...

CVSS 6.5 · AI score 8.1 · EPSS 0.00495
Exploits 0 · References 1
NVD
added 2015/06/23 4:59 p.m. · 7 views

CVE-2014-4882

Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request...

CVSS 7.5 · AI score 6.2 · EPSS 0.00599
Exploits 0 · References 1
Cvelist
added 2015/06/23 4:0 p.m. · 13 views

CVE-2014-4882

Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request...

AI score 6.2 · EPSS 0.00599
Exploits 0 · References 1
Positive Technologies
added 2015/06/11 12:0 a.m. · 8 views

PT-2015-2509 · Oracle +7 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.5.43 and earlier; Oracle MySQL Server versions 5.6.24 and earlier. Description: The issue is related to errors in the code of the Server: Security: Privileges subcomponent of the MySQL database management system. ...

CVSS 10 · AI score 7 · EPSS 0.89577
Exploits 111 · References 810
Prion
added 2015/05/07 10:59 a.m. · 9 views

Design/Logic Flaw

The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate...

CVSS 5.4 · AI score 6.4 · EPSS 0.00052
Exploits 0 · References 1 · Affected Software 1
NVD
added 2015/04/06 12:59 a.m. · 20 views

CVE-2015-1893

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors...

CVSS 6.8 · AI score 6.3 · EPSS 0.0082
Exploits 0 · References 4
Prion
added 2015/04/06 12:59 a.m. · 11 views

Design/Logic Flaw

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors...

CVSS 6.8 · AI score 6.8 · EPSS 0.0082
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2015/04/06 12:0 a.m. · 19 views

CVE-2015-1893

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors...

AI score 6.3 · EPSS 0.0082
Exploits 0 · References 4
NVD
added 2015/03/31 10:59 a.m. · 21 views

CVE-2015-2109

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors...

CVSS 7.5 · AI score 6.3 · EPSS 0.00563
Exploits 0 · References 2
Cvelist
added 2015/03/31 10:0 a.m. · 26 views

CVE-2015-2109

Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors...

AI score 6.2 · EPSS 0.00563
Exploits 0 · References 2
CVE
added 2015/03/31 10:0 a.m. · 46 views

CVE-2015-2109

CVE-2015-2109 affects HP Operations Orchestration 10.x where an authentication bypass vulnerability exists due to an unspecified flaw. Public documents show affected versions are HP O.O. 10.x prior to 10.21 (per Tenable NASL reference) and HP security bulletin HPSBMU03292 rev.1 (SSRT101981) confi...

CVSS 7.5 · AI score 6.4 · EPSS 0.00563
Exploits 0 · References 2 · Affected Software 1
Prion
added 2014/11/04 6:55 p.m. · 10 views

Code injection

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...

CVSS 9 · AI score 7.4 · EPSS 0.02199
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2014/11/04 6:0 p.m. · 17 views

CVE-2014-7875

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...

AI score 6.8 · EPSS 0.02199
Exploits 0 · References 5
NVD
added 2014/11/01 10:55 a.m. · 12 views

CVE-2014-8244

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

CVSS 7.5 · AI score 6.3 · EPSS 0.09165
Exploits 1 · References 1
Prion
added 2014/11/01 10:55 a.m. · 14 views

Cross-site request forgery (CSRF)

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

CVSS 7.5 · AI score 6.9 · EPSS 0.09165
Exploits 1 · References 1 · Affected Software 10
Cvelist
added 2014/11/01 10:0 a.m. · 22 views

CVE-2014-8244

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

AI score 6.3 · EPSS 0.09165
Exploits 1 · References 1
Exploit DB
added 2014/09/07 12:0 a.m. · 39 views

WordPress Plugin Spider Facebook - 'facebook.php' SQL Injection

source: https://www.securityfocus.com/bid/69675/info Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

AI score 7.4
Exploits 0
Prion
added 2014/09/04 10:55 a.m. · 12 views

Authentication flaw

Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...

CVSS 7.5 · AI score 7.1 · EPSS 0.0051
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2014/09/04 10:0 a.m. · 17 views

CVE-2014-5285

Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...

AI score 6.6 · EPSS 0.0051
Exploits 0 · References 2
CVE
added 2014/09/04 10:0 a.m. · 43 views

CVE-2014-5285

CVE-2014-5285 affects the Authentication Module of TIBCO Spotfire Server prior to specific versions: 4.5.2, 5.0.x prior to 5.0.3, 5.5.x prior to 5.5.2, 6.0.x prior to 6.0.3, and 6.5.x prior to 6.5.1. The issue is described as an unspecified flaw in the Authentication Module that enables remote at...

CVSS 7.5 · AI score 6.8 · EPSS 0.0051
Exploits 0 · References 2 · Affected Software 1