|
280531
|
- |
|
mozilla
opensuse
canonical
|
firefox
opensuse
ubuntu_linux
|
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which all…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0804
|
2024-11-21 11:23 |
2015-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280532
|
- |
|
canonical
opensuse
mozilla
|
ubuntu_linux
opensuse
firefox
|
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0803
|
2024-11-21 11:23 |
2015-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280533
|
- |
|
opensuse
canonical
mozilla
|
opensuse
ubuntu_linux
firefox
|
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0802
|
2024-11-21 11:23 |
2015-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280534
|
- |
|
mozilla
|
firefox_esr
firefox
thunderbird
|
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0801
|
2024-11-21 11:23 |
2015-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280535
|
- |
|
mozilla
|
firefox
|
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it e…
|
CWE-200
Information Exposure
|
CVE-2015-0800
|
2024-11-21 11:23 |
2015-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280536
|
- |
|
debian
dulwich_project
|
debian_linux
dulwich
|
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-0838
|
2024-11-21 11:23 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280537
|
- |
|
flashy_project
|
flashy
|
Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0901
|
2024-11-21 11:23 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280538
|
- |
|
nishishi
|
fumy_teachers_schedule_board
|
Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a craft…
|
CWE-79
Cross-site Scripting
|
CVE-2015-0900
|
2024-11-21 11:23 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280539
|
- |
|
emc
|
isilon_onefs
|
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0528
|
2024-11-21 11:23 |
2015-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280540
|
- |
|
cisco
|
unified_callmanager
|
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq4…
|
CWE-200
Information Exposure
|
CVE-2015-0680
|
2024-11-21 11:23 |
2015-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
