Export limit exceeded: 367105 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367105 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6459 1 Ge 1 Mds Pulsenet 2025-04-12 N/A
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
CVE-2015-6460 1 3s-smart 1 Codesys Gateway Server 2025-04-12 N/A
Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.
CVE-2015-6463 2 Codewrights, Endress\+hauser 2 Hart Comm Dtm, Hart Comm Dtm 2025-04-12 N/A
CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-6464 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2025-04-12 N/A
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin.
CVE-2015-6465 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2025-04-12 N/A
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.
CVE-2015-6466 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.
CVE-2015-6467 1 Advantech 1 Webaccess 2025-04-12 N/A
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
CVE-2015-6468 1 Resource Data Management Data Manager 1 Data Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-6469 1 Ibc Solar 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ 2025-04-12 N/A
The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors.
CVE-2015-6470 1 Resource Data Management Data Manager 1 Data Manager 2025-04-12 N/A
Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors.
CVE-2015-6471 1 Eaton 1 Proview 2025-04-12 N/A
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.
CVE-2015-6474 1 Ibc Solar 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ 2025-04-12 N/A
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code.
CVE-2015-6475 1 Ibc Solar 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6476 1 Advantech 14 Eki-1221, Eki-1221d, Eki-1222 and 11 more 2025-04-12 N/A
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.
CVE-2015-6478 1 Unitronics 1 Visilogic Oplc Ide 2025-04-12 N/A
Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
CVE-2015-6479 1 Sierrawireless 7 Aleos, Es440, Es450 and 4 more 2025-04-12 4.3 Medium
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors.
CVE-2015-6480 1 Moxa 1 Oncell Central Manager 2025-04-12 N/A
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.
CVE-2015-6481 1 Moxa 1 Oncell Central Manager 2025-04-12 N/A
The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.
CVE-2015-6482 1 3s-software 1 Codesys Runtime System 2025-04-12 N/A
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
CVE-2015-6484 1 3s-smart Software Solutions 1 Codesys Gateway Server 2025-04-12 N/A
3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request.