|
269551
|
- |
|
ibm
|
business_process_manager
|
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenti…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4955
|
2024-11-21 11:32 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269552
|
- |
|
x2engine
|
x2crm
|
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account …
|
CWE-352
Origin Validation Error
|
CVE-2015-5075
|
2024-11-21 11:32 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269553
|
- |
|
x2engine
|
x2crm
|
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arb…
|
CWE-20
Improper Input Validation
|
CVE-2015-5074
|
2024-11-21 11:32 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269554
|
- |
|
x2engine
|
x2crm
|
Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5076
|
2024-11-21 11:32 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269555
|
- |
|
fedoraproject
debian
squid-cache
|
fedora
debian_linux
squid
|
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5400
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269556
|
- |
|
opensuse
standards_based_linux_instrumentation
|
opensuse
sblim-sfcb
|
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty classNa…
|
NVD-CWE-Other
|
CVE-2015-5185
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269557
|
- |
|
open-xchange
|
open-xchange_appsuite
open-xchange_server
|
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x be…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5375
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269558
|
- |
|
adnovum
|
nevisauth
|
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the c…
|
CWE-287
Improper Authentication
|
CVE-2015-5372
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269559
|
- |
|
qemu
|
qemu
|
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-5279
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269560
|
- |
|
endian_firewall
|
endian_firewall
|
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
|
CWE-77
Command Injection
|
CVE-2015-5082
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
