|
277171
|
- |
|
mediawiki
|
mediawiki
|
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to…
|
CWE-352
Origin Validation Error
|
CVE-2015-6728
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277172
|
- |
|
mediawiki
canonical
|
mediawiki
ubuntu_linux
|
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" t…
|
CWE-200
Information Exposure
|
CVE-2015-6727
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277173
|
- |
|
ippusbxd_project
|
ippusbxd
|
IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6520
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277174
|
- |
|
linux
|
linux_kernel
|
The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-…
|
CWE-399
Resource Management Errors
|
CVE-2015-6526
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277175
|
- |
|
path_breadcrumbs_project
|
path_breadcrumbs
|
Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path B…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6754
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277176
|
- |
|
quick_edit_project
|
quick_edit
|
Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6753
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277177
|
- |
|
pligg
|
pligg_cms
|
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin…
|
CWE-352
Origin Validation Error
|
CVE-2015-6655
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277178
|
- |
|
search_api_autocomplete_project
|
search_api_autocomplete
|
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote a…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6752
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277179
|
- |
|
time_tracker_project
|
time_tracker
|
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6751
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277180
|
- |
|
youtube_embed_project
|
youtube_embed
|
Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6535
|
2024-11-21 11:35 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
