|
277771
|
- |
|
arj_software
fedoraproject
|
arj_archiver
fedora
|
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multipl…
|
CWE-22
Path Traversal
|
CVE-2015-0557
|
2024-11-21 11:23 |
2015-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277772
|
- |
|
arj_software
fedoraproject
|
arj_archiver
fedora
|
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
|
CWE-59
Link Following
|
CVE-2015-0556
|
2024-11-21 11:23 |
2015-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277773
|
- |
|
canonical
opensuse
mozilla
|
ubuntu_linux
opensuse
firefox
|
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying tha…
|
CWE-20
Improper Input Validation
|
CVE-2015-0799
|
2024-11-21 11:23 |
2015-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277774
|
- |
|
oracle
mozilla
|
solaris
firefox
|
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0798
|
2024-11-21 11:23 |
2015-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277775
|
- |
|
bblog_project
|
bblog
|
Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2015-0905
|
2024-11-21 11:23 |
2015-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277776
|
- |
|
saurus
|
saurus_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2015-0876
|
2024-11-21 11:23 |
2015-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277777
|
- |
|
cisco
|
wireless_lan_controller_software
|
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted…
|
CWE-79
Cross-site Scripting
|
CVE-2015-0690
|
2024-11-21 11:23 |
2015-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277778
|
- |
|
c-board_moyuku_project
|
c-board_moyuku
|
Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name.
|
NVD-CWE-Other
|
CVE-2015-0877
|
2024-11-21 11:23 |
2015-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277779
|
- |
|
xen
|
xen
|
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows …
|
CWE-200
Information Exposure
|
CVE-2015-0777
|
2024-11-21 11:23 |
2015-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277780
|
- |
|
emc
|
powerpath_virtual_appliance
|
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive …
|
CWE-255
Credentials Management
|
CVE-2015-0529
|
2024-11-21 11:23 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
