Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-02 | CVE-2015-7426 | OS Command Injection vulnerability in IBM products The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 10.0 |
| 2015-12-31 | CVE-2015-5989 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Gs1900-10Hp Firmware 2.40 Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | 9.8 |
| 2015-12-31 | CVE-2015-5988 | Credentials Management vulnerability in Zyxel Gs1900-10Hp Firmware 2.40 The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | 9.8 |
| 2015-12-31 | CVE-2015-7280 | Credentials Management vulnerability in Readynet Solutions Wrt300N-Dd Firmware 1.0.26 The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | 9.8 |
| 2015-12-31 | CVE-2015-7277 | Credentials Management vulnerability in Ampedwireless R10000 Firmware 2.5.2.11 The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | 9.8 |
| 2015-12-31 | CVE-2015-6018 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5 The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | 9.8 |
| 2015-12-31 | CVE-2015-6016 | Credentials Management vulnerability in Zyxel Nbg-418N, Pmg5318-B20A Firmware and Zynos Firmware ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | 9.8 |
| 2015-12-31 | CVE-2015-5995 | Permissions, Privileges, and Access Controls vulnerability in multiple products Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. | 9.8 |
| 2015-12-31 | CVE-2015-2874 | Credentials Management vulnerability in multiple products Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | 9.8 |
| 2015-12-30 | CVE-2015-7792 | Permissions, Privileges, and Access Controls vulnerability in Corega Cg-Wlbargs Firmware Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | 9.8 |