|
270181
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of…
|
CWE-200
Information Exposure
|
CVE-2015-4176
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270182
|
4.7 |
MEDIUM
Local
|
linux
redhat
|
linux_kernel
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_power_big_endian_eus
enterprise_linux_server_eus
enterprise_linux_for_power_little_endian_eus
enterprise_linux_…
|
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_do…
|
CWE-362
Race Condition
|
CVE-2015-4170
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270183
|
5.4 |
MEDIUM
Network
|
advantech
|
webaccess
|
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3948
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270184
|
8.1 |
HIGH
Network
|
advantech
|
webaccess
|
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-3947
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270185
|
8.8 |
HIGH
Network
|
advantech
|
webaccess
|
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2015-3946
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270186
|
5.3 |
MEDIUM
Network
|
advantech
|
webaccess
|
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-3943
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270187
|
- |
|
acunetix
|
web_vulnerability_scanner
|
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4027
|
2024-11-21 11:30 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270188
|
- |
|
cisco
|
unified_communications_manager
|
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.
|
CWE-79
Cross-site Scripting
|
CVE-2015-4206
|
2024-11-21 11:30 |
2015-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270189
|
- |
|
symantec
|
proxysg_firmware
|
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when u…
|
CWE-200
Information Exposure
|
CVE-2015-4334
|
2024-11-21 11:30 |
2015-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270190
|
- |
|
blackberry
|
enterprise_server
|
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attack…
|
CWE-254
7PK - Security Features
|
CVE-2015-4112
|
2024-11-21 11:30 |
2015-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
