Filtered by CWE-264
Total 5449 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-4596 1 Lenovo 1 Mouse Suite 2024-11-21 N/A
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
CVE-2015-4548 1 Rsa 1 Web Threat Detection 2024-11-21 N/A
EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file.
CVE-2015-4545 1 Emc 1 Isilon Onefs 2024-11-21 N/A
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
CVE-2015-4544 1 Emc 1 Documentum Content Server 2024-11-21 N/A
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.
CVE-2015-4542 1 Emc 1 Rsa Archer Grc 2024-11-21 N/A
EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors.
CVE-2015-4535 1 Emc 1 Documentum Content Server 2024-11-21 N/A
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.
CVE-2015-4533 1 Emc 1 Documentum Content Server 2024-11-21 N/A
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.
CVE-2015-4532 1 Emc 1 Documentum Content Server 2024-11-21 N/A
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514.
CVE-2015-4531 1 Emc 1 Documentum Content Server 2024-11-21 N/A
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622.
CVE-2015-4523 1 Symantec 2 Malware Analysis Appliance, Malware Analyzer G2 2024-11-21 N/A
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
CVE-2015-4505 2 Microsoft, Mozilla 2 Windows, Firefox 2024-11-21 N/A
updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.
CVE-2015-4483 3 Mozilla, Opensuse, Oracle 3 Firefox, Opensuse, Solaris 2024-11-21 N/A
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.
CVE-2015-4394 1 Services Project 1 Services 2024-11-21 N/A
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.
CVE-2015-4389 1 Open Graph Importer Project 1 Open Graph Importer 2024-11-21 N/A
The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import og_tag_importer" permission.
CVE-2015-4351 1 Web-dorado 1 Web-dorado Spider Video Player 2024-11-21 N/A
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
CVE-2015-4344 1 Services Basic Authentication Project 1 Services Basic Authentication 2024-11-21 N/A
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.
CVE-2015-4331 1 Cisco 1 Prime Infrastructure 2024-11-21 N/A
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958.
CVE-2015-4325 1 Cisco 1 Telepresence Video Communication Server Software 2024-11-21 N/A
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.
CVE-2015-4322 1 Cisco 1 Content Security Management Appliance 2024-11-21 N/A
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
CVE-2015-4307 1 Cisco 1 Prime Collaboration Provisioning 2024-11-21 N/A
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.