Vulnerabilities > 7PK - Security Features
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-03 | CVE-2015-0993 | 7PK - Security Features vulnerability in Inductiveautomation Ignition 7.7.2 Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 6.4 |
2015-03-11 | CVE-2015-0084 | 7PK - Security Features vulnerability in Microsoft products The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability." | 2.1 |
2015-03-11 | CVE-2015-0005 | 7PK - Security Features vulnerability in Microsoft products The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability." | 4.3 |
2015-03-10 | CVE-2015-0201 | 7PK - Security Features vulnerability in multiple products The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | 5.0 |
2015-02-25 | CVE-2015-0832 | 7PK - Security Features vulnerability in multiple products Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . | 5.0 |
2015-02-11 | CVE-2015-0009 | 7PK - Security Features vulnerability in Microsoft products The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." | 3.3 |
2015-02-03 | CVE-2015-0599 | 7PK - Security Features vulnerability in Cisco Unified Computing System The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. | 4.3 |
2015-02-03 | CVE-2014-8779 | 7PK - Security Features vulnerability in Pexip Infinity 7.0 Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys. | 7.1 |
2014-12-29 | CVE-2014-2224 | 7PK - Security Features vulnerability in Plogger 1.0 Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. | 5.0 |
2014-12-18 | CVE-2014-6174 | 7PK - Security Features vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |