Latest CVE Feed
-
4.3
MEDIUMCVE-2015-2948
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : zenphoto- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.9
MEDIUMCVE-2015-1010
Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack.... Read more
Affected Products : rsview32- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-4138
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attacke... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2855
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to cap... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2854
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-2853
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID.... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2852
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-2851
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1937
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obt... Read more
Affected Products : powervc- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2015-0193
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject a... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
3.7
LOWCVE-2015-0121
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirem... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-0758
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (X... Read more
Affected Products : unified_meetingplace- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-0747
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.... Read more
Affected Products : headend_digital_broadband_delivery_system headend_system_release videoscape_conductor- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-0745
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-0744
Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CS... Read more
Affected Products : headend_digital_broadband_delivery_system headend_system_release dta_control_system- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUMCVE-2015-0743
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-0733
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS... Read more
Affected Products : headend_digital_broadband_delivery_system- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-4069
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.... Read more
Affected Products : arcserve_unified_data_protection- Published: May. 29, 2015
- Modified: Apr. 12, 2025
-
9.4
HIGHCVE-2015-4068
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.... Read more
- Actively Exploited
- Published: May. 29, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-4067
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.... Read more
Affected Products : netvault_backup- Published: May. 29, 2015
- Modified: Apr. 12, 2025