|
278131
|
9.8 |
CRITICAL
Network
|
jumio
|
jumio_sdk
|
The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to…
|
CWE-118
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2000
|
2024-11-21 11:26 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278132
|
9.8 |
CRITICAL
Network
|
datto
|
alto_3_firmware
alto_2_firmware
alto_xl_firmware
siris_3_firmware
siris_2_firmware
siris_3_x_all-flash_firmware
siris_virtual_firmware
alto_imaged_firmware
|
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
|
CWE-20
Improper Input Validation
|
CVE-2015-2081
|
2024-11-21 11:26 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278133
|
7.0 |
HIGH
Local
|
abrt_project
|
abrt
|
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
|
CWE-362
Race Condition
|
CVE-2015-1862
|
2024-11-21 11:26 |
2018-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278134
|
7.5 |
HIGH
Network
|
edx
|
edx-platform
configuration
|
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_AL…
|
CWE-20
Improper Input Validation
|
CVE-2015-2186
|
2024-11-21 11:26 |
2018-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278135
|
7.5 |
HIGH
Network
|
evergreen-ils
|
evergreen
|
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leverag…
|
CWE-200
Information Exposure
|
CVE-2015-2204
|
2024-11-21 11:26 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278136
|
6.5 |
MEDIUM
Network
|
evergreen-ils
|
evergreen
|
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controlle…
|
CWE-200
Information Exposure
|
CVE-2015-2203
|
2024-11-21 11:26 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278137
|
5.3 |
MEDIUM
Network
|
apache
|
cordova
|
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables…
|
CWE-20
Improper Input Validation
|
CVE-2015-1835
|
2024-11-21 11:26 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278138
|
7.5 |
HIGH
Network
|
netty
playframework
lightbend
|
netty
play_framework
|
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly f…
|
CWE-20
Improper Input Validation
|
CVE-2015-2156
|
2024-11-21 11:26 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278139
|
4.8 |
MEDIUM
Network
|
phpbugtracker_project
|
phpbugtracker
|
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2148
|
2024-11-21 11:26 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278140
|
9.8 |
CRITICAL
Network
|
phpbugtracker_project
|
phpbugtracker
|
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
|
CWE-89
SQL Injection
|
CVE-2015-2147
|
2024-11-21 11:26 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
