4423 matches found
The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows an intruder to execute any code they desire.
The vulnerability of the Factory Cast component of the microprogramming software for Schneider Electric’s Modicon M340 programmable logic controllers arises from insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, who operates remotely and has passed...
UBUNTU-CVE-2015-4890
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication...
UBUNTU-CVE-2015-4879
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML...
UBUNTU-CVE-2015-4895
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB...
UBUNTU-CVE-2015-4816
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB...
UBUNTU-CVE-2015-4792
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802...
CVE-2015-1806
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors...
CVE-2015-1807
CVE-2015-1807 affects Jenkins (CloudBees Jenkins CI and Jenkins core) prior to 1.600 and LTS prior to 1.596.1. The issue is a directory traversal vulnerability: during artifact handling, Jenkins could follow a symlink, enabling a remote authenticated user with certain permissions to read arbitrar...
CVE-2015-7727
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP...
SQL injection
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 NewDB100REL allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP...
SQL injection
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps...
CVE-2015-7726
The CVE-2015-7726 entry concerns a cross-site scripting (XSS) vulnerability in SAP HANA DB’s Web-based Development Workbench, specifically in the role deletion function. Affected software is SAP HANA DB 1.00.091.00.1418659308, where remote authenticated users can inject arbitrary web script or HT...
CVE-2015-5443
The CVE-2015-5443 entry concerns HP 3PAR Service Processor SPOCC, where remote authenticated users could obtain sensitive information. Affected SPOCC versions are SP 4.2.0.GA-29 (GA), SP 4.3.0.GA-17 (GA), and SP 4.3.0-GA-24 (MU1). The vulnerability is described as an information disclosure with u...
Multiple Vulnerabilities in the Western Digital Arkeia arkeiad Daemon
Western Digital Arkeia is a network backup and recovery solution from Western Digital. A security vulnerability exists in the arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia versions 11.0.12 and earlier. A remote attacker could exploit this vulnerability by sending a series of...
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...
CVE-2015-5641
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4967
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 throu...
CVE-2015-5024
IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors...
CVE-2015-4964
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTHTOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process...