|
278301
|
- |
|
webservice-dic
|
yoyaku
|
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2015-2977
|
2024-11-21 11:28 |
2015-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278302
|
- |
|
lemon-s_php
|
gazou_bbs_plus
|
LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.
|
CWE-20
Improper Input Validation
|
CVE-2015-2974
|
2024-11-21 11:28 |
2015-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278303
|
- |
|
opensuse
rubyonrails
|
opensuse
rails
|
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service…
|
NVD-CWE-noinfo
|
CVE-2015-3227
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278304
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3226
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278305
|
- |
|
rack_project
opensuse
debian
|
rack
opensuse
debian_linux
|
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a…
|
CWE-19
Data Processing Errors
|
CVE-2015-3225
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278306
|
- |
|
rubyonrails
|
web_console
|
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote…
|
CWE-284
Improper Access Control
|
CVE-2015-3224
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278307
|
- |
|
honeywell
|
tuxedo_touch
|
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-…
|
CWE-352
Origin Validation Error
|
CVE-2015-2848
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278308
|
- |
|
honeywell
|
tuxedo_touch
|
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests…
|
CWE-284
Improper Access Control
|
CVE-2015-2847
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278309
|
- |
|
research-artisan
|
research_artisan_lite
|
Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote attackers to perform unspecified actions via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2015-2975
|
2024-11-21 11:28 |
2015-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278310
|
- |
|
research-artisan
|
research_artisan_lite
|
Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2976
|
2024-11-21 11:28 |
2015-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
