|
271021
|
- |
|
yiiframework
|
yiiframework
|
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3397
|
2024-11-21 11:29 |
2015-05-14 |
|
271022
|
- |
|
trend_micro
|
scanmail
|
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predi…
|
NVD-CWE-Other
|
CVE-2015-3326
|
2024-11-21 11:29 |
2015-05-14 |
|
271023
|
- |
|
qemu redhat xen
|
qemu openstack enterprise_linux enterprise_virtualization xen
|
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3456
|
2024-11-21 11:29 |
2015-05-14 |
|
271024
|
- |
|
openstack oracle
|
keystone solaris
|
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and othe…
|
CWE-200
Information Exposure
|
CVE-2015-3646
|
2024-11-21 11:29 |
2015-05-13 |
|
271025
|
- |
|
opensuse fedoraproject gnu
|
opensuse fedora libtasn1
|
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3622
|
2024-11-21 11:29 |
2015-05-13 |
|
271026
|
- |
|
fortinet
|
fortimanager_firmware fortianalyzer_firmware
|
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 th…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3620
|
2024-11-21 11:29 |
2015-05-13 |
|
271027
|
- |
|
xml-libxml_project canonical debian fedoraproject opensuse
|
xml-libxml ubuntu_linux debian_linux fedora opensuse
|
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to t…
|
CWE-611
XXE
|
CVE-2015-3451
|
2024-11-21 11:29 |
2015-05-13 |
|
271028
|
- |
|
thekelleys oracle
|
dnsmasq solaris
|
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of se…
|
CWE-19
Data Processing Errors
|
CVE-2015-3294
|
2024-11-21 11:29 |
2015-05-8 |
|
271029
|
- |
|
siemens
|
homecontrol_for_room_automation
|
The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt…
|
CWE-310
Cryptographic Issues
|
CVE-2015-3610
|
2024-11-21 11:29 |
2015-05-7 |
|
271030
|
- |
|
foxitsoftware
|
enterprise_reader foxit_reader phantompdf
|
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3633
|
2024-11-21 11:29 |
2015-05-2 |