|
266941
|
6.1 |
MEDIUM
Network
|
exponentcms
|
exponent_cms
|
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspe…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8684
|
2024-11-21 11:38 |
2017-01-19 |
|
|
|
|
266942
|
6.1 |
MEDIUM
Network
|
exponentcms
|
exponent_cms
|
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8667
|
2024-11-21 11:38 |
2017-01-19 |
|
|
|
|
266943
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a desc…
|
CWE-193
Off-by-one Error
|
CVE-2015-8701
|
2024-11-21 11:38 |
2016-12-30 |
|
|
|
|
266944
|
8.8 |
HIGH
Network
|
open-xchange
|
ox_guard
|
An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Cl…
|
CWE-320
Key Management Errors
|
CVE-2015-8542
|
2024-11-21 11:38 |
2016-12-15 |
|
|
|
|
266945
|
6.1 |
MEDIUM
Network
|
broadcom
|
release_automation
|
Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 befo…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8699
|
2024-11-21 11:38 |
2016-06-29 |
|
|
|
|
266946
|
7.1 |
HIGH
Local
|
broadcom
|
release_automation
|
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary…
|
NVD-CWE-Other
|
CVE-2015-8698
|
2024-11-21 11:38 |
2016-06-29 |
|
|
|
|
266947
|
7.5 |
HIGH
Network
|
netgear
|
d3600_firmware d6000_firmware
|
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator pass…
|
CWE-255 CWE-200
Credentials Management Information Exposure
|
CVE-2015-8289
|
2024-11-21 11:38 |
2016-06-20 |
|
|
|
|
266948
|
5.9 |
MEDIUM
Network
|
netgear
|
d3600_firmware d6000_firmware
|
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote att…
|
NVD-CWE-Other
|
CVE-2015-8288
|
2024-11-21 11:38 |
2016-06-20 |
|
|
|
|
266949
|
7.5 |
HIGH
Network
|
idera
|
uptime_infrastructure_monitor
|
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-8268
|
2024-11-21 11:38 |
2016-06-10 |
|
|
|
|
266950
|
8.8 |
HIGH
Network
|
broadcom
|
symantec_data_center_security_server symantec_critical_system_protection symantec_embedded_security_critical_system_protection symantec_data_center_security_server_and_agents symantec_emb…
|
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Contro…
|
CWE-89
SQL Injection
|
CVE-2015-8157
|
2024-11-21 11:38 |
2016-06-8 |
|
|
|