|
270711
|
4.3 |
MEDIUM
Network
|
zfsonlinux
|
zfs
|
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obta…
|
CWE-200
Information Exposure
|
CVE-2015-3400
|
2024-11-21 11:29 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270712
|
6.7 |
MEDIUM
Local
|
lenovo
|
fingerprint_manager
|
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3321
|
2024-11-21 11:29 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270713
|
7.8 |
HIGH
Local
|
usb-creator_project
|
usb-creator
|
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3643
|
2024-11-21 11:29 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270714
|
6.1 |
MEDIUM
Network
|
nodebb
|
nodebb
|
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3296
|
2024-11-21 11:29 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270715
|
6.1 |
MEDIUM
Network
|
pydio
|
pydio
|
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS V…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3432
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270716
|
9.8 |
CRITICAL
Network
|
pydio
|
pydio
|
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
|
CWE-78
OS Command
|
CVE-2015-3431
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270717
|
5.9 |
MEDIUM
Network
|
dovecot
fedoraproject
|
dovecot
fedora
|
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-3420
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270718
|
6.5 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
|
CWE-20
Improper Input Validation
|
CVE-2015-3419
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270719
|
6.1 |
MEDIUM
Network
|
floating_social_bar_project
|
floating_social_bar
|
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original se…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3299
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270720
|
8.1 |
HIGH
Network
|
tune_library_project
|
tune_library
|
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
|
CWE-89
SQL Injection
|
CVE-2015-3314
|
2024-11-21 11:29 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
