|
273861
|
8.8 |
HIGH
Network
|
huawei
|
vcn500_firmware
|
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTT…
|
CWE-89
SQL Injection
|
CVE-2015-8334
|
2024-11-21 11:38 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273862
|
9.8 |
CRITICAL
Network
|
knx
|
ets
|
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8299
|
2024-11-21 11:38 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273863
|
8.8 |
HIGH
Network
|
huawei
|
vcm5010_firmware
vcm5020_firmware
|
Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and p…
|
CWE-287
Improper Authentication
|
CVE-2015-8332
|
2024-11-21 11:38 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273864
|
7.8 |
HIGH
Local
|
polycom
|
btoe_connector
|
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privilege…
|
CWE-275
Permission Issues
|
CVE-2015-8300
|
2024-11-21 11:38 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273865
|
8.8 |
HIGH
Network
|
orion-soft
|
bitrix
|
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" par…
|
CWE-89
SQL Injection
|
CVE-2015-8355
|
2024-11-21 11:38 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273866
|
9.8 |
CRITICAL
Network
|
zen-cart
|
zen_cart
|
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
|
CWE-22
Path Traversal
|
CVE-2015-8352
|
2024-11-21 11:38 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273867
|
7.8 |
HIGH
Local
|
lxdm_project
|
lxdm
|
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
|
CWE-287
Improper Authentication
|
CVE-2015-8308
|
2024-11-21 11:38 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273868
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8596
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273869
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8595
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273870
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8594
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
