4423 matches found
CVE-2015-2559
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL...
CVE-2015-2559
Removed by vendor...
DEBIAN-CVE-2015-1804
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary co...
UBUNTU-CVE-2015-1804
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary co...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
PT-2015-3734 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.5.4; Foreman versions 1.6.x prior to 1.6.2. Description: The issue allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate, due to the failure ...
CVE-2015-0933
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command...
PicketBox JBossSX Arbitrary File Execution Vulnerability
PicketBox is a Java security framework that provides developers with authentication, authorization, auditing and security mapping functions. An arbitrary file execution vulnerability exists in PicketBox JBossSX, which allows remote authenticated users to exploit the vulnerability to rea...
CVE-2014-8487
Kony EMM (Enterprise Mobile Management) 1.2 and earlier is affected by CVE-2014-8487 due to Insecure Direct Object References. A logged-in user can read arbitrary messages via /emm/selfservice/managedevice/getMessageBody?messageId= and retrieve device-related information via /emm/selfservice/devi...
Red Hat JBoss Enterprise Application Platform Access Restriction Bypass Vulnerability
Red Hat JBoss Enterprise Application Platform (EAP) is an open source, J2EE-based middleware platform from Red Hat, Inc. of the United States, mainly used to build, deploy and host Java applications and services. An access restriction bypass vulnerability exists in Red Hat JBoss...
Mail.com Email Remote Authentication bypass 0day Exploit
This 0day Vulnerability can reset any email on mail.com service. Material holder may access any email box. This is private exploit. You can buy it at https://0day.today...
CVE-2015-1618
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL...
PYSEC-2015-29
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method...
Design/Logic Flaw
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method...
CVE-2015-0518
EMC Documentum D2 (D2FS web service Properties component) is affected by CVE-2015-0518. A flaw in the D2FS Properties service allows a remote authenticated, low-privilege D2 user to modify group permissions and escalate to superuser privileges. Affected products/versions include D2 3.1 through SP...
CVE-2014-6139
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter...