| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-3237 | 6.4 |
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
|
17-10-2018 - 01:29 | 22-06-2015 - 19:59 | |
| CVE-2015-3236 | 5.0 |
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain
|
17-10-2018 - 01:29 | 22-06-2015 - 19:59 | |
| CVE-2015-5316 | 4.3 |
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemo
|
21-03-2018 - 13:06 | 21-02-2018 - 16:29 | |
| CVE-2008-0572 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.
|
29-09-2017 - 01:30 | 05-02-2008 - 02:00 | |
| CVE-2012-5920 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vec
|
29-08-2017 - 01:32 | 20-11-2012 - 00:55 | |
| CVE-2003-1475 | 6.8 |
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2015-4212 | 5.0 |
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
|
28-12-2016 - 17:46 | 24-06-2015 - 10:59 | |
| CVE-2015-4214 | 4.0 |
Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050.
|
28-12-2016 - 17:44 | 24-06-2015 - 10:59 | |
| CVE-2015-4725 | 4.3 |
Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
|
07-12-2016 - 18:14 | 23-06-2015 - 14:59 | |
| CVE-2015-4726 | 7.5 |
PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter.
|
07-12-2016 - 18:14 | 23-06-2015 - 14:59 | |
| CVE-2015-4714 | 4.3 |
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.
|
07-12-2016 - 18:13 | 22-06-2015 - 18:59 | |
| CVE-2015-4586 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_use
|
07-12-2016 - 18:13 | 23-06-2015 - 14:59 | |
| CVE-2015-2169 | 4.3 |
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned
|
03-12-2016 - 03:04 | 24-06-2015 - 14:59 |