Search Results (5682 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6552 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-12 N/A
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
CVE-2015-6550 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-12 N/A
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
CVE-2015-6478 1 Unitronics 1 Visilogic Oplc Ide 2025-04-12 N/A
Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
CVE-2015-5826 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-5746 1 Apple 1 Iphone Os 2025-04-12 N/A
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
CVE-2015-5623 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.
CVE-2015-4418 1 Zohocorp 1 Manageengine Netflow Analyzer 2025-04-12 N/A
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2015-4302 1 Cisco 1 Firesight System Software 2025-04-12 N/A
The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390.
CVE-2015-4299 1 Cisco 1 Unified Web And E-mail Interaction Manager 2025-04-12 N/A
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046.
CVE-2015-4298 1 Cisco 1 Unified Web And E-mail Interaction Manager 2025-04-12 N/A
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.
CVE-2015-4271 1 Cisco 1 Telepresence Tc Software 2025-04-12 N/A
Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604.
CVE-2015-3306 1 Proftpd 1 Proftpd 2025-04-12 N/A
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
CVE-2015-3253 3 Apache, Oracle, Redhat 14 Groovy, Health Sciences Clinical Development Center, Retail Order Broker Cloud Service and 11 more 2025-04-12 N/A
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
CVE-2015-3224 1 Rubyonrails 1 Web Console 2025-04-12 N/A
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
CVE-2015-3213 2 Clutter Project, Redhat 2 Clutter, Enterprise Linux 2025-04-12 N/A
The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.
CVE-2015-3155 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2015-3148 8 Apple, Canonical, Debian and 5 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2025-04-12 N/A
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
CVE-2015-2267 1 Moodle 1 Moodle 2025-04-12 N/A
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
CVE-2015-1253 3 Debian, Google, Redhat 3 Debian Linux, Chrome, Rhel Extras 2025-04-12 N/A
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.
CVE-2015-1173 1 Unit4 1 Teta Web 2025-04-12 N/A
Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."