|
273991
|
- |
|
opensuse
polarssl
|
opensuse
polarssl
|
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows r…
|
NVD-CWE-Other
|
CVE-2015-1182
|
2024-11-21 11:24 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273992
|
- |
|
infinite_automation_systems
|
mango_automation
|
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1179
|
2024-11-21 11:24 |
2015-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273993
|
- |
|
qualiteam
|
x-cart
|
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id par…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1178
|
2024-11-21 11:24 |
2015-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273994
|
- |
|
pxz_project
|
pxz
|
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to byp…
|
CWE-362
Race Condition
|
CVE-2015-1200
|
2024-11-21 11:24 |
2015-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273995
|
- |
|
eventsentry
|
eventsentry
|
Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1180
|
2024-11-21 11:24 |
2015-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273996
|
- |
|
osticket
|
osticket
|
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1176
|
2024-11-21 11:24 |
2015-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273997
|
- |
|
canonical
google
chromium
|
ubuntu_linux
chrome
chromium
|
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2015-1205
|
2024-11-21 11:24 |
2015-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273998
|
- |
|
prestashop
|
prestashop
|
Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the l…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1175
|
2024-11-21 11:24 |
2015-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273999
|
- |
|
ipass
|
ipass_open_mobile
|
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subp…
|
CWE-94
Code Injection
|
CVE-2015-0925
|
2024-11-21 11:24 |
2015-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274000
|
- |
|
opensuse
oracle
gnu
|
opensuse
solaris
patch
|
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
|
CWE-59
Link Following
|
CVE-2015-1196
|
2024-11-21 11:24 |
2015-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
