| Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-7247 | 7.8 |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain se
|
26-04-2023 - 18:55 | 24-04-2017 - 18:59 | |
| CVE-2015-7246 | 10.0 |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
|
26-04-2023 - 18:55 | 24-04-2017 - 18:59 | |
| CVE-2015-7245 | 5.0 |
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
|
26-04-2023 - 18:55 | 24-04-2017 - 18:59 | |
| CVE-2015-4592 | 6.5 |
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
|
14-03-2019 - 01:02 | 10-01-2017 - 15:59 | |
| CVE-2015-4593 | 6.8 |
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the c
|
14-03-2019 - 00:57 | 10-01-2017 - 15:59 | |
| CVE-2015-4594 | 7.5 |
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
|
13-03-2019 - 18:59 | 10-01-2017 - 15:59 | |
| CVE-2015-4591 | 4.3 |
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
|
13-03-2019 - 16:00 | 10-01-2017 - 15:59 | |
| CVE-2016-0862 | 4.0 |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
|
17-10-2018 - 18:47 | 05-02-2016 - 11:59 | |
| CVE-2007-2772 | 7.8 |
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
|
16-10-2018 - 16:45 | 21-05-2007 - 21:30 | |
| CVE-2014-2045 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in
|
09-10-2018 - 19:43 | 20-01-2017 - 15:59 | |
| CVE-2018-6577 | 7.5 |
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
|
14-02-2018 - 16:26 | 02-02-2018 - 17:29 | |
| CVE-2016-0861 | 9.0 |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
|
10-09-2017 - 01:29 | 05-02-2016 - 11:59 | |
| CVE-2010-0688 | 9.3 |
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
|
17-08-2017 - 01:32 | 19-03-2010 - 20:30 |