|
269721
|
- |
|
x2engine
|
x2crm
|
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arb…
|
CWE-20
Improper Input Validation
|
CVE-2015-5074
|
2024-11-21 11:32 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269722
|
- |
|
x2engine
|
x2crm
|
Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5076
|
2024-11-21 11:32 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269723
|
- |
|
fedoraproject
debian
squid-cache
|
fedora
debian_linux
squid
|
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5400
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269724
|
- |
|
opensuse
standards_based_linux_instrumentation
|
opensuse
sblim-sfcb
|
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty classNa…
|
NVD-CWE-Other
|
CVE-2015-5185
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269725
|
- |
|
open-xchange
|
open-xchange_appsuite
open-xchange_server
|
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x be…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5375
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269726
|
- |
|
adnovum
|
nevisauth
|
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the c…
|
CWE-287
Improper Authentication
|
CVE-2015-5372
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269727
|
- |
|
qemu
|
qemu
|
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-5279
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269728
|
- |
|
endian_firewall
|
endian_firewall
|
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
|
CWE-77
Command Injection
|
CVE-2015-5082
|
2024-11-21 11:32 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269729
|
- |
|
redhat
|
openshift
|
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
|
CWE-77
Command Injection
|
CVE-2015-5274
|
2024-11-21 11:32 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269730
|
- |
|
hp
|
loadrunner
|
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.
|
NVD-CWE-noinfo
|
CVE-2015-5426
|
2024-11-21 11:32 |
2015-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
