Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-03-19 CVE-2015-2286 Information Exposure vulnerability in EDX Open EDX 20150127
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.
network, low complexity, edx CWE-200, 6.5

2016-03-18 CVE-2016-3155 Information Exposure vulnerability in Siemens Apogee Insight
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
local, low complexity, siemens CWE-200, 3.4

2016-03-18 CVE-2016-2281 Permissions, Privileges, and Access Controls vulnerability in ABB Panel Builder 800 5.1
Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
local, high complexity, abb CWE-264, 7.2

2016-03-18 CVE-2015-8154 Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
network, low complexity, symantec CWE-264, 8.8

2016-03-18 CVE-2015-8153 SQL Injection vulnerability in Symantec Endpoint Protection Manager
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, symantec CWE-89, 8.8

2016-03-18 CVE-2015-8152 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager 12.1
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
network, low complexity, symantec CWE-352, 8.0

2016-03-18 CVE-2014-9768 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netview Access Services
IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code.
network, low complexity, ibm CWE-264, 8.8

2016-03-18 CVE-2016-1996 Unspecified vulnerability in HP System Management Homepage
HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
local, low complexity, hp, 7.7

2016-03-18 CVE-2016-1995 Unspecified vulnerability in HP System Management Homepage
HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.
network, low complexity, hp, critical, 9.8

2016-03-18 CVE-2016-1994 Information Exposure vulnerability in HP System Management Homepage
HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network, low complexity, hp CWE-200, 6.5