Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-7281 Cross-Site Request Forgery (CSRF) vulnerability in Readynet Solutions Wrt300N-Dd Firmware 1.0.26
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
readynet-solutions CWE-352
8.8
2015-12-31 CVE-2015-7278 Cross-Site Request Forgery (CSRF) vulnerability in Ampedwireless R10000 Firmware 2.5.2.11
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
ampedwireless CWE-352
8.8
2015-12-31 CVE-2015-6020 Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.
low complexity
zyxel CWE-264
8.0
2015-12-31 CVE-2015-6019 Unspecified vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
network
low complexity
zyxel
8.5
2015-12-31 CVE-2015-5996 Cross-Site Request Forgery (CSRF) vulnerability in Mediabridge Medialink Mwn-Wapr300N Firmware 5.07.50
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
mediabridge CWE-352
8.8
2015-12-31 CVE-2015-2912 Cross-Site Request Forgery (CSRF) vulnerability in Orientdb 2.0.14/2.1.0
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
network
low complexity
orientdb CWE-352
8.8
2015-12-31 CVE-2015-2895 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Idera Uptime Infrastructure Monitor 7.4
Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.
network
low complexity
idera CWE-119
7.3
2015-12-31 CVE-2015-2876 Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
low complexity
lacie seagate
8.8
2015-12-31 CVE-2015-2875 Path Traversal vulnerability in multiple products
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
network
low complexity
seagate lacie CWE-22
7.5
2015-12-31 CVE-2014-3260 Cryptographic Issues vulnerability in Pacom 1000 CCU GMS and RTU GMS
Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography.
high complexity
pacom CWE-310
7.5