|
277951
|
- |
|
labtech_software
|
labtech
|
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.
|
CWE-284
Improper Access Control
|
CVE-2015-0926
|
2024-11-21 11:24 |
2015-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277952
|
- |
|
vmware
|
workstation
esxi
player
|
vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of se…
|
NVD-CWE-noinfo
|
CVE-2015-1044
|
2024-11-21 11:24 |
2015-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277953
|
- |
|
vmware
|
fusion
workstation
player
|
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a gu…
|
CWE-20
Improper Input Validation
|
CVE-2015-1043
|
2024-11-21 11:24 |
2015-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277954
|
- |
|
opensuse
polarssl
|
opensuse
polarssl
|
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows r…
|
NVD-CWE-Other
|
CVE-2015-1182
|
2024-11-21 11:24 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277955
|
- |
|
infinite_automation_systems
|
mango_automation
|
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1179
|
2024-11-21 11:24 |
2015-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277956
|
- |
|
qualiteam
|
x-cart
|
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id par…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1178
|
2024-11-21 11:24 |
2015-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277957
|
- |
|
pxz_project
|
pxz
|
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to byp…
|
CWE-362
Race Condition
|
CVE-2015-1200
|
2024-11-21 11:24 |
2015-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277958
|
- |
|
eventsentry
|
eventsentry
|
Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1180
|
2024-11-21 11:24 |
2015-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277959
|
- |
|
osticket
|
osticket
|
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1176
|
2024-11-21 11:24 |
2015-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277960
|
- |
|
canonical
google
chromium
|
ubuntu_linux
chrome
chromium
|
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2015-1205
|
2024-11-21 11:24 |
2015-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
