|
268961
|
- |
|
isucon
|
isucon_5_qualifier_eventapp
|
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an …
|
CWE-78
OS Command
|
CVE-2015-5673
|
2024-11-21 11:33 |
2015-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268962
|
- |
|
oxwall
|
oxwall
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maint…
|
CWE-352
Origin Validation Error
|
CVE-2015-5534
|
2024-11-21 11:33 |
2015-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268963
|
- |
|
powerdns
|
authoritative
recursor
|
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a d…
|
CWE-399
Resource Management Errors
|
CVE-2015-5470
|
2024-11-21 11:33 |
2015-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268964
|
- |
|
html-scrubber_project
|
html-scrubber
|
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5667
|
2024-11-21 11:33 |
2015-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268965
|
- |
|
techno_project_japan
|
enisys_gw
|
Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5671
|
2024-11-21 11:33 |
2015-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268966
|
- |
|
techno_project_japan
|
enisys_gw
|
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5670
|
2024-11-21 11:33 |
2015-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268967
|
- |
|
techno_project_japan
|
enisys_gw
|
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-5669
|
2024-11-21 11:33 |
2015-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268968
|
- |
|
techno_project_japan
|
enisys_gw
|
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-5668
|
2024-11-21 11:33 |
2015-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268969
|
- |
|
tibco
|
spotfire_server
spotfire_analytics_platform_for_aws
|
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform befor…
|
CWE-200
Information Exposure
|
CVE-2015-5713
|
2024-11-21 11:33 |
2015-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268970
|
- |
|
tibco
|
spotfire_analytics_platform_for_aws
spotfire_server
|
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform befor…
|
CWE-200
Information Exposure
|
CVE-2015-5712
|
2024-11-21 11:33 |
2015-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
