CVE-2015-6350
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843...
CVE-2015-6348
The CVE-2015-6348 issue affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the report-generation web interface contains RBAC validation weaknesses. An authenticated remote user could access restricted report/status pages via the report-generation web interface, potentially exposing ...
CVE-2011-0528
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors...
CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username...
Allen-Bradley MicroLogix SQL Injection Vulnerability
Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. An SQL injection vulnerability exists in Allen-Bradley MicroLogix 1100 prior to B FRN 15.000 and 1400 prior to B FRN 15.003. It allows an authenticated remote user to execute arbitrary SQL commands via...
DEBIAN-CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs duri...
UBUNTU-CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs duri...
CVE-2015-5292
The CVE-2015-5292 issue affects SSSD PAC responder (sssd_pac_plugin.so) in SSSD 1.10 up to, but not including, 1.13.1. The vulnerability permits remote authenticated users to trigger a denial of service via memory consumption by issuing many logins that parse PAC blobs during Kerberos authenticat...
CVE-2015-5669
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors...
CVE-2015-6493
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
CVE-2015-5712
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system informatio...
CVE-2015-6493
CVE-2015-6493 affects Infinite Automation Mango Automation versions 2.5.x through 2.6.x (up to 2.6.0 build 430). It is a Cross-Site Request Forgery (CSRF) vulnerability that can allow an authenticated remote attacker to hijack the victim’s session, with unspecified vectors. Public exploitation ev...
CVE-2015-6491
Rockwell Automation MicroLogix 1100 and 1400 PLCs are affected by CVE-2015-6491. Specifically, MicroLogix 1100 controllers (Series B) with firmware version 14.000 and earlier are mitigated by updating to 15.000, while MicroLogix 1400 controllers (Series B) with firmware 15.003 and earlier require...
CVE-2015-5240
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...
DEBIAN-CVE-2015-5251
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...
CVE-2015-5251
CVE-2015-5251 affects OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo). The issue allows remote authenticated users to bypass access restrictions and change the status of their images by sending HTTP header x-image-meta-status to images/*, enabling m...
CVE-2015-5286
OpenStack Image Service (Glance) is vulnerable in versions prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo). A remote authenticated user can bypass storage quotas and cause a denial of service by deleting images that are being uploaded with a token that expires during the process. R...
CVE-2015-7699
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."...
CVE-2015-5286
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this...
CVE-2015-6335
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839...