Launchpad.net

Launchpad CVE tracker

Find CVEs by number or keywords:
Show all registered CVEs

Recently updated CVEs

CVE-2015-2682 (Candidate)
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
Created on 2015-03-25 and modified 23 hours ago.

CVE-2015-2683 (Candidate)
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.
Created on 2015-03-25 and modified 23 hours ago.

CVE-2015-2746 (Candidate)
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.
Created 23 hours ago and modified 23 hours ago.

CVE-2015-2747 (Candidate)
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.
Created 23 hours ago and modified 23 hours ago.

CVE-2015-2748 (Candidate)
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.
Created 23 hours ago and modified 23 hours ago.

Launchpad includes full support for the CVE framework. We update the Launchpad CVE database daily to ensure it includes details of all known vulnerabilities.