|
275761
|
7.8 |
HIGH
Local
|
docker
opensuse
|
libcontainer
opensuse
|
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an imag…
|
CWE-59
Link Following
|
CVE-2015-3629
|
2024-11-21 11:29 |
2015-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275762
|
- |
|
docker
|
libcontainer
docker
|
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an …
|
CWE-59
Link Following
|
CVE-2015-3627
|
2024-11-21 11:29 |
2015-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275763
|
- |
|
oracle
squid-cache
fedoraproject
|
solaris
linux
squid
fedora
|
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.50…
|
CWE-20
Improper Input Validation
|
CVE-2015-3455
|
2024-11-21 11:29 |
2015-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275764
|
- |
|
proftpd
|
proftpd
|
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
|
CWE-284
Improper Access Control
|
CVE-2015-3306
|
2024-11-21 11:29 |
2015-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275765
|
- |
|
wpsymposium
|
wp_symposium
|
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to t…
|
CWE-89
SQL Injection
|
CVE-2015-3325
|
2024-11-21 11:29 |
2015-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275766
|
- |
|
quassel-irc
debian
|
quassel
debian_linux
|
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash…
|
CWE-89
SQL Injection
|
CVE-2015-3427
|
2024-11-21 11:29 |
2015-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275767
|
- |
|
thecartpress
|
thecartpress_ecommerce_shopping_cart
|
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to rea…
|
CWE-22
Path Traversal
|
CVE-2015-3301
|
2024-11-21 11:29 |
2015-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275768
|
- |
|
thecartpress
|
thecartpress_ecommerce_shopping_cart
|
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote atta…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3300
|
2024-11-21 11:29 |
2015-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275769
|
- |
|
stunnel
|
stunnel
|
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentica…
|
CWE-284
Improper Access Control
|
CVE-2015-3644
|
2024-11-21 11:29 |
2015-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275770
|
- |
|
yiiframework
|
yiiframework
|
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3397
|
2024-11-21 11:29 |
2015-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
