Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-6020 Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.
low complexity
zyxel CWE-264
8.0
2015-12-31 CVE-2015-6019 Unspecified vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
network
low complexity
zyxel
8.5
2015-12-31 CVE-2015-5996 Cross-Site Request Forgery (CSRF) vulnerability in Mediabridge Medialink Mwn-Wapr300N Firmware 5.07.50
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
mediabridge CWE-352
8.8
2015-12-31 CVE-2015-2912 Cross-Site Request Forgery (CSRF) vulnerability in Orientdb 2.0.14/2.1.0
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
network
low complexity
orientdb CWE-352
8.8
2015-12-31 CVE-2015-2895 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Idera Uptime Infrastructure Monitor 7.4
Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.
network
low complexity
idera CWE-119
7.3
2015-12-31 CVE-2015-2876
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
low complexity
lacie seagate
8.8
2015-12-31 CVE-2015-2875 Path Traversal vulnerability in multiple products
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
network
low complexity
seagate lacie CWE-22
7.5
2015-12-31 CVE-2014-3260 Cryptographic Issues vulnerability in Pacom 1000 CCU GMS and RTU GMS
Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography.
high complexity
pacom CWE-310
7.5
2015-12-30 CVE-2015-7788 Permissions, Privileges, and Access Controls vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
asus CWE-264
7.3
2015-12-30 CVE-2015-7250 Path Traversal vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
network
low complexity
zte CWE-22
7.5