Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-12-28 | CVE-2013-7446 | Unspecified vulnerability in Linux Kernel Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | 5.3 |
2015-12-27 | CVE-2015-7783 | Cross-site Scripting vulnerability in Let'S PHP! Pbbs 4.05 Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2015-12-27 | CVE-2015-7665 | Information Exposure vulnerability in Tails Project Tails 1.6 Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. | 5.3 |
2015-12-27 | CVE-2015-6538 | Unspecified vulnerability in Ephiphanyheathdata Cardio Server 3.3/4.0/4.1 The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | 9.8 |
2015-12-27 | CVE-2015-6537 | SQL Injection vulnerability in Epiphanyhealthdata Cardio Server 3.3 SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | 9.8 |
2015-12-27 | CVE-2015-8263 | Unspecified vulnerability in Netgear Wnr1000V3 and Wnr1000V3 Firmware NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. | 8.6 |
2015-12-27 | CVE-2015-8262 | Unspecified vulnerability in Buffalotech products Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | 6.8 |
2015-12-27 | CVE-2015-8254 | Insufficient Verification of Data Authenticity vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream. | 5.9 |
2015-12-27 | CVE-2015-8253 | Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network. | 3.7 |
2015-12-27 | CVE-2015-8252 | Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number. | 5.9 |