Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-28 | CVE-2015-6034 | Permissions, Privileges, and Access Controls vulnerability in Epson Network Utility 4.10 EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | 6.9 |
| 2015-10-28 | CVE-2014-8912 | Improper Access Control vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | 5.0 |
| 2015-10-28 | CVE-2015-7904 | Unspecified vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. | 6.5 |
| 2015-10-28 | CVE-2015-7903 | SQL Injection vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
| 2015-10-28 | CVE-2015-7902 | Information Exposure vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. | 5.0 |
| 2015-10-28 | CVE-2015-7901 | OS Command Injection vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 6.5 |
| 2015-10-28 | CVE-2015-7900 | Information Exposure vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. | 4.3 |
| 2015-10-28 | CVE-2015-7873 | 7PK - Security Features vulnerability in PHPmyadmin The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | 5.0 |
| 2015-10-28 | CVE-2015-6493 | Cross-Site Request Forgery (CSRF) vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0 Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
| 2015-10-28 | CVE-2015-6491 | Unspecified vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. | 4.0 |