Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers...
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability...
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users...
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. Date published : 2015-12-29 http://corega.jp/support/security/20151224_wlncm4g.htm http://jvn.jp/en/jp/JVN51250073/index.html
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. Date published : 2015-12-29 http://corega.jp/support/security/20151224_wlbaragm.htm http://jvn.jp/en/jp/JVN50775659/index.html
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. Date published : 2015-12-29 http://www.securityfocus.com/bid/79683 http://corega.jp/support/security/20151224_wlbargs.htm
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. Date published...
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-12-29 http://www.asus.com/jp/News/FX04LE8HN0qBoqFI http://jvn.jp/en/jp/JVN89965717/index.html
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. Date published : 2015-12-29 http://www.asus.com/jp/News/FX04LE8HN0qBoqFI http://jvn.jp/en/jp/JVN85359294/index.html
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. Date published : 2015-12-29 http://www.asus.com/jp/News/FX04LE8HN0qBoqFI http://jvn.jp/en/jp/JVN34489380/index.html
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. Date published : 2015-12-29 http://www.asus.com/jp/News/FX04LE8HN0qBoqFI http://jvn.jp/en/jp/JVN69462495/index.html
Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published...
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Date published :...
Cross-site scripting (XSS) vulnerability in Let’s PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-12-29 http://jvn.jp/en/jp/JVN35845584/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000188