| ID | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 266851 | 7.1 | HIGH | Local | pyamf | pyamf | XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | CWE-611 XXE | CVE-2015-8549 | 2024-11-21 11:38 | 2020-01-16 |
| 266852 | 9.8 | CRITICAL | Network | libraw | libraw | The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | CWE-665 Improper Initialization | CVE-2015-8367 | 2024-11-21 11:38 | 2020-01-15 |
| 266853 | 9.8 | CRITICAL | Network | libraw | libraw | Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | CWE-129 Improper Validation of Array Index | CVE-2015-8366 | 2024-11-21 11:38 | 2020-01-15 |
| 266854 | 5.9 | MEDIUM | Network | gnu debian | gnutls debian_linux | GnuTLS incorrectly validates the first byte of padding in CBC modes | CWE-203 Information Exposure Through Discrepancy | CVE-2015-8313 | 2024-11-21 11:38 | 2019-12-20 |
| 266855 | 9.8 | CRITICAL | Network | rxtec | rxadmin | Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) z… | CWE-89 SQL Injection | CVE-2015-8298 | 2024-11-21 11:38 | 2018-09-25 |
| 266856 | 6.1 | MEDIUM | Network | cloudera | hue | Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | CWE-601 Open Redirect | CVE-2015-8094 | 2024-11-21 11:38 | 2018-05-23 |
| 266857 | 6.5 | MEDIUM | Network | puppet | puppet_enterprise | The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cook… | CWE-200 Information Exposure | CVE-2015-8470 | 2024-11-21 11:38 | 2017-12-12 |
| 266858 | 7.0 | HIGH | Local | sudo_project | sudo | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | CWE-362 Race Condition | CVE-2015-8239 | 2024-11-21 11:38 | 2017-10-11 |
| 266859 | 9.8 | CRITICAL | Network | manageengine | desktop_central | The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2015-8249 | 2024-11-21 11:38 | 2017-09-28 |
| 266860 | 9.8 | CRITICAL | Network | magento | magento | Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via … | CWE-200 Information Exposure | CVE-2015-8707 | 2024-11-21 11:38 | 2017-09-26 |