Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-5990 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
Attack vector: network | Attack complexity: low | Vendor: zyxel | CWE-352 | Risk: 8.8
2015-12-31 CVE-2015-5989 Permissions, Privileges, and Access Controls vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
Attack vector: network | Attack complexity: low | Vendor: zyxel | CWE-264 | Risk: 9.8 (critical)
2015-12-31 CVE-2015-5988 Credentials Management vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
Attack vector: network | Attack complexity: low | Vendor: zyxel | CWE-255 | Risk: 9.8 (critical)
2015-12-31 CVE-2015-5987 Unspecified vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
Attack vector: network | Attack complexity: low | Vendor: zyxel | Risk: 8.6
2015-12-31 CVE-2015-1947 Unspecified vulnerability in IBM Infosphere Biginsights
Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.
Attack vector: local | Attack complexity: high | Vendor: ibm | Risk: 7.4
2015-12-31 CVE-2015-7447 Information Exposure vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
Attack vector: network | Attack complexity: low | Vendor: ibm | CWE-200 | Risk: 5.3
2015-12-31 CVE-2015-7284 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N and Nbg-418N Firmware
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.
Attack vector: network | Attack complexity: low | Vendor: zyxel | CWE-352 | Risk: 8.0
2015-12-31 CVE-2015-7283 Credentials Management vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
Attack vector: network | Attack complexity: high | Vendor: zyxel | CWE-255 | Risk: 8.1
2015-12-31 CVE-2015-7282 Improper Input Validation vulnerability in Readynet Solutions Wrt300N-Dd and Wrt300N-Dd Firmware
ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.
Attack vector: network | Attack complexity: low | Vendor: readynet-solutions | CWE-20 | Risk: 5.8
2015-12-31 CVE-2015-7281 Cross-Site Request Forgery (CSRF) vulnerability in Readynet Solutions Wrt300N-Dd Firmware 1.0.26
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
Attack vector: network | Attack complexity: low | Vendor: readynet-solutions | CWE-352 | Risk: 8.8