CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-9288
https://notcve.org/view.php?id=CVE-2015-9288
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials El plugin Unity Web Player anterior a versión 4.6.6f2 y versiones 5.x anteriores a 5.0.3f2, permite a los atacantes leer mensajes o acceder a servicios en línea por medio de credenciales de una víctima • https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0CVE-2014-2544
https://notcve.org/view.php?id=CVE-2014-2544
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Spotfire Web Player Engine, Spotfire Desktop y el módulo de autenticación de servidor de Spotfire en TIBCO Spotfire Server 3.3.x anterior a 3.3.4, 4.5.x anterior a 4.5.1, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.2; Spotfire Professional 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Web Player 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Automation Services 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Deployment Kit 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Desktop 6.x anterior a 6.0.1 y Spotfire Analyst 6.x anterior a 6.0.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt •
CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 3CVE-2005-3135 – Virtools Web Player 3.0.0.100 - Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2005-3135
Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename. • https://www.exploit-db.com/exploits/1239 http://aluigi.altervista.org/adv/virtbugs-adv.txt http://marc.info/?l=bugtraq&m=112811771331997&w=2 http://secunia.com/advisories/17034 http://securitytracker.com/id?1014993 http://www.securityfocus.com/bid/14990 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2005-3136
https://notcve.org/view.php?id=CVE-2005-3136
Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename. • http://aluigi.altervista.org/adv/virtbugs-adv.txt http://marc.info/?l=bugtraq&m=112811771331997&w=2 http://secunia.com/advisories/17034 http://securityreason.com/securityalert/40 http://securitytracker.com/id?1014993 http://www.securityfocus.com/bid/14991 https://exchange.xforce.ibmcloud.com/vulnerabilities/22471 •