DEBIAN-CVE-2016-2045
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...
UBUNTU-CVE-2016-2040
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...
CVE-2015-8151
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 is affected by CVE-2015-8151, a web UI command-injection vulnerability. An authenticated remote user with console administrator access can cause arbitrary OS commands to run with elevated privileges due to improper input sanitization ...
Design/Logic Flaw
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486...
CVE-2015-8484
CVE-2015-8484 concerns Cybozu Office versions 9.9.0 through 10.3.0 where remote authenticated users can bypass calendar-viewing restrictions. The Connected document CVE-2016-1152 confirms a related issue in Cybozu Office 9.9.0 through 10.3.0: remote authenticated users can bypass access restricti...
CVE-2015-8486
Cybozu Office 9.9.0–10.3.0 contains a security mechanism bypass vulnerability (CVE-2015-8486) that can be exploited by a remote authenticated user to bypass access restrictions and read or write plan data. Connected sources (CNVD-2016-01260/01257/01258/01259 and related CVE-2016-1152 listing) cor...
CVE-2016-1152
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486...
CVE-2015-2008
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive...
CVE-2016-2314
CVE-2016-2314 affects Huawei SmartAX MT882 devices running GlobespanVirata ftpd 1.0. The underlying issue allows remote authenticated users to trigger a denial of service (device outage) by creating an excessively long directory name with the FTP MKD command and then issuing additional FTP comman...
UBUNTU-CVE-2015-8630
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) b...
UBUNTU-CVE-2015-8629
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service...
CVE-2016-0865
The CVE-2016-0865 entry concerns Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1 and 4.1.0 Build 16. Affected component is the web-based SMS EMS; the root cause is insecure credential handling that allows a remote authenticated user to change arbitrary passwo...
CVE-2016-0882
EMC Documentum xCP is affected: versions 2.1 before patch 23 and 2.2 before patch 11 are vulnerable to an XML External Entity (XXE) issue. The vulnerability enables remote authenticated users to read arbitrary files by sending a POST request containing an XML external entity declaration combined w...
The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, allows a hacker to gain administrator privileges.
The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain administrator privileges...
CVE-2016-1317
Cisco Unified Communications Manager (UCM) 11.5(0.98000.480) is affected by an information disclosure vulnerability. An authenticated, remote attacker could exploit a flaw in the web framework by requesting an unspecified URL to view sensitive data, specifically database table names and entity na...
CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Sauter moduWeb Vision Certificate Insecure Storage Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter moduWeb Vision uses an insecure method of storing credentials, allowing remote attackers to bypass authentication by exploiting this vulnerability...
Design/Logic Flaw
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1112 and Cisco Prime Security Manager PRSM software before 9.3.1.1112 allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842...
CVE-2016-1308
SQL injection vulnerability in Cisco Unified Communications Manager 10.52.13900.9 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227...
Code injection
General Electric GE Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors...