|
267261
|
9.6 |
CRITICAL
Network
|
unitronics
|
visilogic_oplc_ide
|
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-7939
|
2024-11-21 11:37 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267262
|
9.8 |
CRITICAL
Network
|
advantech
|
eki-1321_series_firmware
eki-1322_series_firmware
|
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2015-7938
|
2024-11-21 11:37 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267263
|
5.9 |
MEDIUM
Network
|
mozilla
opensuse
canonical
|
network_security_services
leap
opensuse
firefox
ubuntu_linux
|
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in T…
|
CWE-19
Data Processing Errors
|
CVE-2015-7575
|
2024-11-21 11:37 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267264
|
3.3 |
LOW
Local
|
opensuse
gummi_project
|
leap
opensuse
gummi
|
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .to…
|
CWE-59
Link Following
|
CVE-2015-7758
|
2024-11-21 11:37 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267265
|
8.1 |
HIGH
Network
|
juniper
|
screenos
|
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.
|
CWE-20
Improper Input Validation
|
CVE-2015-7754
|
2024-11-21 11:37 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267266
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (unc…
|
CWE-17
Code
|
CVE-2015-8027
|
2024-11-21 11:37 |
2016-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267267
|
5.8 |
MEDIUM
Network
|
corega
|
cg-wlncm4g_firmware
|
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.
|
CWE-20
Improper Input Validation
|
CVE-2015-7794
|
2024-11-21 11:37 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267268
|
5.8 |
MEDIUM
Network
|
corega
|
cg-wlbaragm_firmware
|
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
|
CWE-17
Code
|
CVE-2015-7793
|
2024-11-21 11:37 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267269
|
9.8 |
CRITICAL
Network
|
corega
|
cg-wlbargs_firmware
|
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7792
|
2024-11-21 11:37 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267270
|
6.1 |
MEDIUM
Network
|
asus
|
wl-330nul_firmware
|
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-7790
|
2024-11-21 11:37 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
