|
269881
|
8.0 |
HIGH
Network
|
koha
|
koha
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack t…
|
CWE-352
Origin Validation Error
|
CVE-2015-4630
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269882
|
9.8 |
CRITICAL
Network
|
broadcom
xceedium
|
privileged_access_manager
xsuite
|
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
|
CWE-20
Improper Input Validation
|
CVE-2015-4664
|
2024-11-21 11:31 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269883
|
6.1 |
MEDIUM
Network
|
nextendweb
|
nextend_twitter_connect
|
Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4557
|
2024-11-21 11:31 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269884
|
4.6 |
MEDIUM
Physics
|
ring
|
ring_firmware
|
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the Gain…
|
CWE-255
Credentials Management
|
CVE-2015-4400
|
2024-11-21 11:31 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269885
|
6.5 |
MEDIUM
Network
|
efrontlearning
|
efront
|
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
|
CWE-22
Path Traversal
|
CVE-2015-4461
|
2024-11-21 11:31 |
2018-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269886
|
9.8 |
CRITICAL
Network
|
bson_project
|
bson
|
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2015-4412
|
2024-11-21 11:31 |
2018-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269887
|
7.0 |
HIGH
Local
|
huawei
|
mate_7_firmware
|
The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-4422
|
2024-11-21 11:31 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269888
|
7.5 |
HIGH
Network
|
huawei
|
mate_7_firmware
|
The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified i…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-4421
|
2024-11-21 11:31 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269889
|
9.8 |
CRITICAL
Network
|
arubanetworks
|
clearpass_policy_manager
|
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4650
|
2024-11-21 11:31 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269890
|
7.8 |
HIGH
Local
|
xceedium
|
xsuite
|
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
|
CWE-89
SQL Injection
|
CVE-2015-4669
|
2024-11-21 11:31 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
