Design/Logic Flaw
Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access...
CVE-2015-2120
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567...
Design/Logic Flaw
The administrative web interface in Cisco Hosted Collaboration Solution HCS 10.61 and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786...
CVE-2015-0916
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035...
Multiple Vulnerabilities in ISPConfig
High-Tech Bridge Security Research Lab discovered two vulnerabilities in ISPConfig, a popular hosting control panel. The vulnerabilities can be exploited to execute arbitrary SQL commands in the application database, perform a CSRF attack and gain complete control over the web application. 1 SQL...
Moodle Private File Upload Vulnerability
Moodle is an open source web-based teaching and learning application. A security vulnerability exists in Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9 that allows remotely authenticated users with the 'moodle/user:manageownfiles' feature to upload private files via Web Services...
CVE-2015-0739
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938...
Code injection
The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW00...
CVE-2015-3646
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
CVE-2015-3013
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file...
CVE-2015-3011
CVE-2015-3011 is an XSS in ownCloud’s contacts app (Community Edition) allowing remote authenticated users to inject script/HTML via crafted contacts. Affected: ownCloud Server 5.0.19 and 6.x/7.x before specific fixes. Remediation: upgrade to patched packages (e.g., Debian/DSA-3244-1 fixes). Note...
CVE-2015-3013
The CVE-2015-3013 entry applies to ownCloud Server releases before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5, where authenticated remote users could bypass the file blacklist and upload arbitrary files by using UTF-8 encoded paths (demonstrated with .htaccess). Exploitation requires authenti...
CVE-2014-0919
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities...
CVE-2014-0919
CVE-2014-0919 affects IBM DB2 9.5–10.5 on Linux/UNIX/Windows, where passwords may be exposed during processing of certain SQL statements by the monitoring/audit facilities, exploitable by remote authenticated users. The issue is an information-disclosure vulnerability in the DB2 LUW monitoring/au...
mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML...
CVE-2015-3457
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter...
CVE-2015-0709
Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348...