|
270151
|
9.8 |
CRITICAL
Network
|
strongswan
|
strongswan
|
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
|
CWE-19
Data Processing Errors
|
CVE-2015-3991
|
2024-11-21 11:30 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270152
|
5.4 |
MEDIUM
Network
|
ge
|
multilink_ml810_firmware
multilink_ml3000_firmware
multilink_ml3100_firmware
multilink_ml800_firmware
multilink_ml1200_firmware
multilink_ml1600_firmware
multilink_ml2400_firmware
|
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3976
|
2024-11-21 11:30 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270153
|
7.5 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of …
|
CWE-22
Path Traversal
|
CVE-2015-4181
|
2024-11-21 11:30 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270154
|
7.5 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of …
|
CWE-22
Path Traversal
|
CVE-2015-4180
|
2024-11-21 11:30 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270155
|
7.5 |
HIGH
Network
|
saltstack
|
salt
|
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-4017
|
2024-11-21 11:30 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270156
|
5.3 |
MEDIUM
Network
|
helpdesk_pro_project
|
helpdesk_pro
|
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/…
|
CWE-200
Information Exposure
|
CVE-2015-4071
|
2024-11-21 11:30 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270157
|
6.5 |
MEDIUM
Network
|
attic_project
|
attic
|
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4082
|
2024-11-21 11:30 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270158
|
7.5 |
HIGH
Network
|
elasticsearch
|
elasticsearch
|
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4165
|
2024-11-21 11:30 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270159
|
7.8 |
HIGH
Local
|
tukaani
|
xz
|
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run x…
|
CWE-20
Improper Input Validation
|
CVE-2015-4035
|
2024-11-21 11:30 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270160
|
7.8 |
HIGH
Local
|
netlock
|
mokka
|
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Ob…
|
CWE-91
Blind XPath Injection
|
CVE-2015-3932
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
