| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1101 | CVE-2015-3612 | 79 | | XSS | 2020-02-04 | 2020-02-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. |
| 1102 | CVE-2015-3611 | 78 | | | 2020-02-04 | 2020-02-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report. |
| 1103 | CVE-2015-3423 | 89 | | Exec Code Sql | 2020-02-08 | 2020-02-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. |
| 1104 | CVE-2015-3309 | 22 | | Dir. Trav. | 2020-02-13 | 2020-02-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. |
| 1105 | CVE-2015-3006 | 331 | | | 2020-02-28 | 2020-03-10 | 6.8 | None | Remote | Low | ??? | Complete | None | None | On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. |
| 1106 | CVE-2015-2992 | 79 | | XSS | 2020-02-27 | 2021-01-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. |
| 1107 | CVE-2015-2923 | 20 | | | 2020-02-20 | 2020-02-28 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. |
| 1108 | CVE-2015-2909 | 269 | | | 2020-02-06 | 2020-02-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords." |
| 1109 | CVE-2015-2802 | 200 | | +Info | 2020-02-04 | 2021-09-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. |
| 1110 | CVE-2015-2207 | 79 | | XSS | 2020-02-08 | 2020-02-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. |
| 1111 | CVE-2015-2062 | 89 | | Exec Code Sql | 2020-02-08 | 2020-02-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. |
| 1112 | CVE-2015-1425 | 20 | | | 2020-02-18 | 2020-02-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | JAKWEB Gecko CMS has multiple input validation vulnerabilities. |
| 1113 | CVE-2015-1394 | 79 | | XSS | 2020-02-08 | 2020-02-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. |
| 1114 | CVE-2015-0749 | 79 | | Exec Code XSS | 2020-02-19 | 2020-02-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. |
| 1115 | CVE-2015-0565 | 119 | | Overflow | 2020-02-25 | 2020-03-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. |
| 1116 | CVE-2015-0258 | 434 | | Exec Code | 2020-02-17 | 2022-01-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. |
| 1117 | CVE-2015-0102 | 287 | | | 2020-02-05 | 2020-02-07 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
| 1118 | CVE-2014-10400 | 384 | | | 2020-02-06 | 2020-02-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. |
| 1119 | CVE-2014-10399 | 384 | | | 2020-02-06 | 2020-02-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. |
| 1120 | CVE-2014-9753 | 287 | | Bypass | 2020-02-11 | 2020-02-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. |
| 1121 | CVE-2014-9748 | 362 | | DoS | 2020-02-11 | 2020-02-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. |
| 1122 | CVE-2014-9617 | 601 | | | 2020-02-19 | 2020-02-20 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
| 1123 | CVE-2014-9615 | 79 | | XSS | 2020-02-19 | 2020-02-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. |
| 1124 | CVE-2014-9614 | 798 | | | 2020-02-19 | 2020-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. |
| 1125 | CVE-2014-9613 | 89 | | Exec Code Sql | 2020-02-19 | 2020-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. |
| 1126 | CVE-2014-9612 | 89 | | Exec Code Sql | 2020-02-19 | 2020-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. |
| 1127 | CVE-2014-9609 | 22 | | Dir. Trav. | 2020-02-19 | 2020-02-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. |
| 1128 | CVE-2014-9608 | 79 | | XSS | 2020-02-19 | 2020-02-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| 1129 | CVE-2014-9607 | 79 | | XSS | 2020-02-19 | 2020-02-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| 1130 | CVE-2014-9606 | 79 | | XSS | 2020-02-19 | 2020-02-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. |
| 1131 | CVE-2014-9530 | | | | 2020-02-07 | 2020-02-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact. |
| 1132 | CVE-2014-9470 | 79 | | XSS | 2020-02-08 | 2020-02-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. |
| 1133 | CVE-2014-9390 | 20 | | Exec Code | 2020-02-12 | 2021-05-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. |
| 1134 | CVE-2014-9127 | 200 | | +Info | 2020-02-08 | 2020-02-10 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. |
| 1135 | CVE-2014-9126 | 79 | | XSS CSRF | 2020-02-08 | 2020-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. |
| 1136 | CVE-2014-8739 | 434 | | Exec Code | 2020-02-08 | 2020-02-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. |
| 1137 | CVE-2014-8347 | 287 | 1 | Bypass | 2020-02-11 | 2020-02-13 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. |
| 1138 | CVE-2014-8328 | 200 | | +Info | 2020-02-03 | 2020-02-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. |
| 1139 | CVE-2014-8271 | 120 | | Overflow +Priv | 2020-02-06 | 2020-02-11 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. |
| 1140 | CVE-2014-8128 | 787 | | DoS | 2020-02-12 | 2020-02-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. |
| 1141 | CVE-2014-8089 | 89 | | Exec Code Sql | 2020-02-17 | 2020-02-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. |
| 1142 | CVE-2014-7951 | 22 | | Dir. Trav. | 2020-02-20 | 2020-02-25 | 2.1 | None | Local | Low | Not required | None | Partial | None | Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers. |
| 1143 | CVE-2014-7914 | 863 | | Bypass | 2020-02-21 | 2020-02-26 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. |
| 1144 | CVE-2014-7863 | 200 | | +Info | 2020-02-08 | 2020-02-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. |
| 1145 | CVE-2014-7236 | 74 | | Exec Code | 2020-02-17 | 2020-02-20 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. |
| 1146 | CVE-2014-7224 | 20 | | Exec Code | 2020-02-07 | 2020-02-12 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. |
| 1147 | CVE-2014-6447 | 79 | | XSS | 2020-02-11 | 2020-02-25 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. |
| 1148 | CVE-2014-6413 | 79 | | XSS | 2020-02-07 | 2020-02-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. |
| 1149 | CVE-2014-6262 | 134 | | DoS Exec Code | 2020-02-12 | 2022-01-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. |
| 1150 | CVE-2014-5468 | 20 | 1 | Exec Code +Info File Inclusion | 2020-02-07 | 2020-02-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. |