|
270981
|
5.5 |
MEDIUM
Local
|
php-fpm
|
php-fpm
|
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
|
CWE-59
Link Following
|
CVE-2015-3211
|
2024-11-21 11:28 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270982
|
8.1 |
HIGH
Network
|
apple
|
pykerberos
|
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other u…
|
CWE-287
Improper Authentication
|
CVE-2015-3206
|
2024-11-21 11:28 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270983
|
9.8 |
CRITICAL
Network
|
accellion
|
file_transfer_appliance
|
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
|
CWE-77
Command Injection
|
CVE-2015-2857
|
2024-11-21 11:28 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270984
|
5.5 |
MEDIUM
Local
|
openstack
|
trove
|
The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_c…
|
CWE-59
Link Following
|
CVE-2015-3156
|
2024-11-21 11:28 |
2017-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270985
|
5.5 |
MEDIUM
Local
|
rsyslog
|
rsyslog
|
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2015-3243
|
2024-11-21 11:28 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270986
|
5.5 |
MEDIUM
Local
|
sos_project
|
sos
|
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
|
CWE-200
Information Exposure
|
CVE-2015-3171
|
2024-11-21 11:28 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270987
|
5.5 |
MEDIUM
Local
|
redhat
|
enterprise_linux_desktop
enterprise_linux_server_eus
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
enterprise_linux_server_aus
enterprise_linux_hpc_…
|
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
|
CWE-59
Link Following
|
CVE-2015-3149
|
2024-11-21 11:28 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270988
|
9.8 |
CRITICAL
Network
|
web-dorado
|
contact_form_maker
|
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-2798
|
2024-11-21 11:28 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270989
|
7.5 |
HIGH
Network
|
redhat
|
jboss_wildfly_application_server
|
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.
|
CWE-200
Information Exposure
|
CVE-2015-3198
|
2024-11-21 11:28 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270990
|
5.5 |
MEDIUM
Local
|
selinux_project
|
selinux
|
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .con…
|
CWE-254
7PK - Security Features
|
CVE-2015-3170
|
2024-11-21 11:28 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
