Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2015-6817 Improper Authentication vulnerability in Pgbouncer 1.6
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
network
high complexity
pgbouncer CWE-287
8.1
8.1
2017-05-23 CVE-2015-6586 Information Exposure vulnerability in Huawei products
The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.
network
low complexity
huawei CWE-200
7.5
7.5
2017-05-23 CVE-2015-5682 Permissions, Privileges, and Access Controls vulnerability in Powerplay Gallery Project Powerplay Gallery 3.3
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
network
low complexity
powerplay-gallery-project CWE-264
7.5
7.5
2017-05-23 CVE-2015-5469 Path Traversal vulnerability in MDC Youtube Downloader Project MDC Youtube Downloader 2.1.0
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.
network
low complexity
mdc-youtube-downloader-project CWE-22
7.5
7.5
2017-05-23 CVE-2015-5468 Path Traversal vulnerability in Wpshopstyling WP E-Commerce Shop Styling 2.5
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a ..
network
low complexity
wpshopstyling CWE-22
7.5
7.5
2017-05-23 CVE-2015-5401 Improper Input Validation vulnerability in Teradata Express and Teradata Gateway
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.
network
low complexity
teradata CWE-20
7.5
7.5
2017-05-23 CVE-2015-5383 Information Exposure vulnerability in Roundcube Webmail and Webmail
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
network
low complexity
roundcube CWE-200
7.5
7.5
2017-05-23 CVE-2015-4704 Path Traversal vulnerability in Download ZIP Attachments Project Download ZIP Attachments 1.0
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a ..
network
low complexity
download-zip-attachments-project CWE-22
7.5
7.5
2017-05-23 CVE-2015-4054 NULL Pointer Dereference vulnerability in Pgbouncer
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
network
low complexity
pgbouncer CWE-476
7.5
7.5
2017-05-23 CVE-2015-4046 Command Injection vulnerability in Alienvault Open Source Security Information Management
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
network
low complexity
alienvault CWE-77
7.2
7.2