CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | HP Printers Wi-Fi Direct Improper Access Control | 03.02.2017 | Neseso |
| Med. | SAP HANA Information Disclosure | 28.05.2015 | onapsis |
| High | TheCartPress WordPress plugin 1.3.9 Multiple Vulns | 29.04.2015 | High-Tech Bridge Secur... |
| Low | SAP Background Processing RFC Missing Authorization | 29.04.2014 | Onapsis |
| Low | SAP BASIS Missing Authorization Check | 29.04.2014 | Onapsis |
| Low | SAP Profile Maintenance Missing Authorization | 29.04.2014 | Onapsis |
| High | OpenDocMan 1.2.7 Multiple Vulnerabilities | 05.03.2014 | High-Tech Bridge |
| High | Microweber 0.8 Arbitrary File Deletion | 18.10.2013 | High-Tech Bridge Secur... |
| High | Samsung Kies 2.3.2.12054_20 NULL Pointer Dereference and bypass | 16.10.2012 | High-Tech Bridge Secur... |
| High | PBBoard 2.1.4 SQL Injection and Improper Authentication | 09.08.2012 | High-Tech Bridge Secur... |
| Med. | AWScripts Gallery Search Engine 1.x Insecure Cookie Vulnerability | 01.07.2009 | TiGeR-Dz |


CVEMAP Search Results

CVE
Details
Description
2015-02-13
Low | CVE-2014-6195 | Vendor: IBM | Software: Tivoli stora...
The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.

 
2015-02-03
High | CVE-2015-0929 | Vendor: Servision | Software: Hvg video ga...
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response.

 
2015-01-31
Medium | CVE-2015-0926 | Vendor: Labtech software | Software: Labtech
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.

 
2015-01-28
Low | CVE-2015-1376 | Vendor: Pixabay images project | Software: Pixabay images
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

 
2015-01-27
High | CVE-2014-9197 | Vendor: Schneider-electric | Software: Tsxetg3000
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

 
Low | CVE-2014-9648 | Vendor: Google | Software: Chrome
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.

 
2015-01-26
Low | CVE-2015-1307 | Vendor: KDE | Software: Plasma-workspace
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.

 
2014-12-25
Medium | CVE-2014-7193 | Vendor: Hapijs | Software: Crumb
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer.

 
Medium | CVE-2014-1449 | Vendor: Maxthon | Software: Maxthon clou...
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

 
2014-12-22
Medium | CVE-2014-5208 | Vendor: Yokogawa | Software: Centum cs 3000
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

 

 


Copyright 2017, cxsecurity.com