Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-27 | CVE-2015-7261 | Credentials Management vulnerability in Qnap Iartist Lite and Signage Station The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. | 9.8 |
| 2016-02-27 | CVE-2015-6036 | Unspecified vulnerability in Qnap Sinage Station 2.0.0 QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | 7.5 |
| 2016-02-27 | CVE-2015-6022 | Unspecified vulnerability in Qnap Signage Station 2.0 Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. | 8.8 |
| 2016-02-26 | CVE-2016-1342 | Information Exposure vulnerability in Cisco Secure Firewall Management Center The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | 5.3 |
| 2016-02-26 | CVE-2016-1297 | OS Command Injection vulnerability in Cisco Application Control Engine Software The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | 8.8 |
| 2016-02-25 | CVE-2016-0763 | Permissions, Privileges, and Access Controls vulnerability in multiple products The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. | 6.3 |
| 2016-02-25 | CVE-2016-0714 | Permissions, Privileges, and Access Controls vulnerability in multiple products The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. | 8.8 |
| 2016-02-25 | CVE-2016-0706 | Information Exposure vulnerability in multiple products Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. | 4.3 |
| 2016-02-25 | CVE-2015-5351 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | 8.8 |
| 2016-02-25 | CVE-2015-5346 | Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. | 8.1 |