|
277781
|
8.8 |
HIGH
Network
|
atutor
|
atutor
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account vi…
|
CWE-352
Origin Validation Error
|
CVE-2015-1583
|
2024-11-21 11:25 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277782
|
9.8 |
CRITICAL
Network
|
jakweb
|
gecko_cms
|
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities
|
CWE-20
Improper Input Validation
|
CVE-2015-1425
|
2024-11-21 11:25 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277783
|
5.4 |
MEDIUM
Network
|
10web
|
photo_gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1394
|
2024-11-21 11:25 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277784
|
7.8 |
HIGH
Local
|
google
|
android
|
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted appl…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2015-1530
|
2024-11-21 11:25 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277785
|
5.5 |
MEDIUM
Local
|
google
|
android
|
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.
|
CWE-20
Improper Input Validation
|
CVE-2015-1525
|
2024-11-21 11:25 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277786
|
7.5 |
HIGH
Network
|
gnu
debian
|
patch
debian_linux
|
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an in…
|
CWE-22
Path Traversal
|
CVE-2015-1396
|
2024-11-21 11:25 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277787
|
5.5 |
MEDIUM
Local
|
gnupg
canonical
|
gnupg
ubuntu_linux
|
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (inval…
|
CWE-20
Improper Input Validation
|
CVE-2015-1607
|
2024-11-21 11:25 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277788
|
5.5 |
MEDIUM
Local
|
gnupg
debian
|
gnupg
debian_linux
|
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
|
CWE-416
Use After Free
|
CVE-2015-1606
|
2024-11-21 11:25 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277789
|
5.3 |
MEDIUM
Network
|
canonical
|
ubuntu_linux
|
All versions of unity-scope-gdrive logs search terms to syslog.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2015-1343
|
2024-11-21 11:25 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277790
|
7.8 |
HIGH
Local
|
canonical
|
ubuntu_linux
apport
|
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1341
|
2024-11-21 11:25 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
