|
273671
|
4.3 |
MEDIUM
Network
|
matroska
|
libebml
|
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which tr…
|
CWE-200
Information Exposure
|
CVE-2015-8790
|
2024-11-21 11:39 |
2016-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273672
|
9.6 |
CRITICAL
Network
|
matroska
|
libebml
|
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" fo…
|
NVD-CWE-Other
|
CVE-2015-8789
|
2024-11-21 11:39 |
2016-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273673
|
7.5 |
HIGH
Network
|
roundcube
|
roundcube_webmail
|
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain pe…
|
CWE-22
Path Traversal
|
CVE-2015-8770
|
2024-11-21 11:39 |
2016-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273674
|
5.5 |
MEDIUM
Local
|
gnu
|
glibc
|
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTE…
|
CWE-254
7PK - Security Features
|
CVE-2015-8777
|
2024-11-21 11:39 |
2016-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273675
|
5.9 |
MEDIUM
Network
|
openstack
|
nova
|
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message …
|
CWE-200
Information Exposure
|
CVE-2015-8749
|
2024-11-21 11:39 |
2016-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273676
|
7.3 |
HIGH
Network
|
joomla
|
joomla\!
|
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-8769
|
2024-11-21 11:39 |
2016-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273677
|
6.1 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ema…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8766
|
2024-11-21 11:39 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273678
|
8.3 |
HIGH
Network
|
mcafee
|
epolicy_orchestrator
|
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a craft…
|
NVD-CWE-Other
|
CVE-2015-8765
|
2024-11-21 11:39 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273679
|
9.0 |
CRITICAL
Network
|
values_project
|
values
|
The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via t…
|
CWE-94
Code Injection
|
CVE-2015-8761
|
2024-11-21 11:39 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273680
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
|
CWE-20
Improper Input Validation
|
CVE-2015-8760
|
2024-11-21 11:39 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
