Latest CVE Feed
-
3.5
LOWCVE-2015-0216
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.... Read more
Affected Products : moodle- Published: Jun. 01, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-0215
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.... Read more
Affected Products : moodle- Published: Jun. 01, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-0214
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request... Read more
Affected Products : moodle- Published: Jun. 01, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijac... Read more
Affected Products : moodle- Published: Jun. 01, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2015-0212
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.... Read more
Affected Products : moodle- Published: Jun. 01, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-0211
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which ... Read more
Affected Products : moodle- Published: Jun. 01, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-3939
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials f... Read more
- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-3292
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.... Read more
Affected Products : oncommand_workflow_automation- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2949
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : zenphoto- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2948
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : zenphoto- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.9
MEDIUMCVE-2015-1010
Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack.... Read more
Affected Products : rsview32- Published: May. 31, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-4138
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attacke... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2855
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to cap... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2854
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-2853
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID.... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-2852
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.... Read more
Affected Products : ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv2800 ssl_visibility_appliance_sv1800 ssl_visibility_appliance_sv3800 ssl_visibility_appliance_sv800- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-2851
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-1937
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obt... Read more
Affected Products : powervc- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2015-0193
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject a... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025
-
3.7
LOWCVE-2015-0121
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirem... Read more
- Published: May. 30, 2015
- Modified: Apr. 12, 2025