CVE-2015-7774
PC-EGG pWebManager is affected by OS command injection (CWE-78) that can be triggered by a user with editor permissions. Vulnerable versions include pWebManager before 3.3.10 and pWebManager for PHP4 before 2.2.2. A remote authenticated editor can execute arbitrary OS commands on the server. Conn...
CVE-2015-2698
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by...
CVE-2015-6363
Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability (CVE-2015-6363) affects MC 5.4.1.4 and 6.0.1. The root cause is improper sanitization of parameter values in the web framework, allowing an authenticated remote attacker to inject arbitrary script/HTML via unspecif...
CVE-2015-8003
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads...
CVE-2015-8001
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size...
UBUNTU-CVE-2015-8002
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one-byte chunks...
CVE-2015-5005
CVE-2015-5005 affects IBM PowerHA SystemMirror CSPOC on AIX 6.1 and 7.1. An authenticated remote user added to the cluster password-change list can exploit a shipped script to perform a privileged action, gaining root via an "su root" operation. The vulnerability is tied to the CSPOC feature that...
CVE-2015-1989
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-6298
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation...
Design/Logic Flaw
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation...
CVE-2015-5021
Affected product: IBM InfoSphere Information Server (DataStage) 11.3 and 11.5. Description: A privilege/escalation vulnerability allows an authenticated DataStage user to bypass job-execution restrictions or view sensitive information via unspecified vectors. Root cause: not explicitly detailed i...
Design/Logic Flaw
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords...
CVE-2015-3270
Apache Ambari is affected by a privilege-escalation vulnerability affecting versions before 2.0.2 and 2.1.x before 2.1.1. Remote authenticated users can obtain administrative privileges via unspecified vectors (possibly related to password changes). Root cause: privilege escalation in the Ambari ...
Kaspersky Total Security 'avp.exe' Authentication Bypass Vulnerability
Kaspersky Total Security is an all-encompassing multi-device version of antivirus software. A remote authentication bypass vulnerability exists in Kaspersky Total Security, which could be exploited by remote attackers to bypass authentication mechanisms and perform unauthorized operations...
Kaspersky Small Office Security 'avp.exe' Remote Authentication Bypass Vulnerability
Kaspersky Small Office Security is a suite of antivirus software for small and medium-sized businesses. A remote authentication bypass vulnerability exists in Kaspersky Small Office Security, which could be exploited by an attacker to bypass authentication mechanisms and perform unauthorized...
WordPress XML-RPC Brute Force Authentication Bypass Vulnerability
WordPress is a blogging platform developed using the PHP language. WordPress has an authentication bypass vulnerability that allows remote attackers to conduct brute force attacks to bypass the authentication mechanism and perform unauthorized operations...
Design/Logic Flaw
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.70.15 allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page...
CVE-2015-6350
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843...