|
277361
|
6.5 |
MEDIUM
Network
|
attic_project
|
attic
|
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4082
|
2024-11-21 11:30 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277362
|
7.5 |
HIGH
Network
|
elasticsearch
|
elasticsearch
|
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4165
|
2024-11-21 11:30 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277363
|
7.8 |
HIGH
Local
|
tukaani
|
xz
|
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run x…
|
CWE-20
Improper Input Validation
|
CVE-2015-4035
|
2024-11-21 11:30 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277364
|
7.8 |
HIGH
Local
|
netlock
|
mokka
|
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Ob…
|
CWE-91
Blind XPath Injection
|
CVE-2015-3932
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277365
|
7.8 |
HIGH
Local
|
microsec
|
e-szigno
|
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:…
|
CWE-91
Blind XPath Injection
|
CVE-2015-3931
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277366
|
9.8 |
CRITICAL
Network
|
libinfinity_project
|
libinfinity
|
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-3886
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277367
|
7.5 |
HIGH
Network
|
huawei
|
s2300_firmware
s2700_firmware
s3300_firmware
s3700_firmware
s5300ei_firmware
s5700ei_firmware
s5300si_firmware
s5700si_firmware
s5300hi_firmware
s5700hi_firmware
s6300ei…
|
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.
|
CWE-20
Improper Input Validation
|
CVE-2015-3913
|
2024-11-21 11:30 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277368
|
7.5 |
HIGH
Network
|
pgbouncer
|
pgbouncer
|
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-4054
|
2024-11-21 11:30 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277369
|
7.2 |
HIGH
Network
|
alienvault
|
open_source_security_information_management
|
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
|
CWE-77
Command Injection
|
CVE-2015-4046
|
2024-11-21 11:30 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277370
|
6.7 |
MEDIUM
Local
|
alienvault
|
open_source_security_information_management
|
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4045
|
2024-11-21 11:30 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
