4423 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-2016
CVE-2015-2016 (IBM QRadar SIEM) describes a shell command injection vulnerability that can let an admin-authenticated user execute commands on the server as root. Affected products/versions include IBM QRadar SIEM 7.2.x and 7.1 MR2 with patches up to 11 IF02 or 7.2.5 Patch 4; IBM’s bulletin notes...
CVE-2015-0142
IBM OpenPages GRC Platform (versions 6.2–7.1) is affected by CVE-2015-0142 due to insufficient access checks for the System Administration Mode function, allowing remote authenticated users to transition to maintenance mode and trigger a data-storage outage. The vulnerability affects 6.2 before I...
CVE-2015-5645
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors...
Code injection
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211...
CVE-2015-5711
TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request...
CVE-2015-5435
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors...
CVE-2015-6470
Resource Data Management’s Data Manager prior to version 2.2 is affected by a privilege-escalation vulnerability (CWE-269) that allows a valid authenticated user to change passwords for other users, including administrators, via unspecified vectors. Public records indicate remote access and passw...
CVE-2015-2915
CVE-2015-2915 affects Securifi Almond devices: firmware before AL1-R201EXP10-L304-W34 and Almond-2015 before AL2-R088M use a default admin password, enabling a local intranet attacker to gain web-management access. The vulnerability is due to default credentials that allow authentication without ...
CVE-2015-6547
Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 are affected by CVE-2015-6547, a Command Injection at Boot Time Elevation of Privilege flaw in the management console. An authenticated remote attacker can inject commands via the hostname configuration, executing them w...
CVE-2015-6300
CVE-2015-6300 affects Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15). A vulnerability in the SSH feature allows remote authenticated users to cause a denial of service by issuing crafted commands via CLI or GUI, triggering an SSH screen process crash (Bug ID CSCuw24694). The C...
CVE-2015-4305
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656...
Design/Logic Flaw
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker...
CVE-2015-2136
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors...
CVE-2015-4980
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors...
Design/Logic Flaw
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin...
mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption...
DEBIAN-CVE-2015-3241
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance...
CVE-2015-2990
Summary: CVE-2015-2990 is a directory traversal vulnerability in desknet NEO (NEOJAPAN) where zhtml.cgi fails to verify HTML parameters. Affected product/versions: desknet’s NEO, versions 2.0R1.0 through 2.5R1.4. Vulnerability details: An authenticated user may read arbitrary files on the server ...