|
267361
|
8.8 |
HIGH
Network
|
yeager
|
yeager_cms
|
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
|
CWE-89
SQL Injection
|
CVE-2015-7569
|
2024-11-21 11:37 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267362
|
9.8 |
CRITICAL
Network
|
yeager
|
yeager_cms
|
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
|
CWE-89
SQL Injection
|
CVE-2015-7568
|
2024-11-21 11:37 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267363
|
5.5 |
MEDIUM
Local
|
huawei
|
p7_firmware
p8_ale-ul00_firmware
|
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application th…
|
CWE-20
Improper Input Validation
|
CVE-2015-7740
|
2024-11-21 11:37 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267364
|
8.8 |
HIGH
Network
|
samsung
|
galaxy_s6
|
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
|
CWE-20
Improper Input Validation
|
CVE-2015-7893
|
2024-11-21 11:37 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267365
|
9.8 |
CRITICAL
Network
|
botan_project
|
botan
|
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by acc…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-7826
|
2024-11-21 11:37 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267366
|
7.5 |
HIGH
Network
|
botan_project
|
botan
|
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the cer…
|
NVD-CWE-Other
|
CVE-2015-7825
|
2024-11-21 11:37 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267367
|
7.5 |
HIGH
Network
|
botan_project
|
botan
|
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
|
CWE-200
Information Exposure
|
CVE-2015-7824
|
2024-11-21 11:37 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267368
|
5.5 |
MEDIUM
Local
|
huawei
|
e3272s_firmware
|
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious …
|
CWE-20
Improper Input Validation
|
CVE-2015-7847
|
2024-11-21 11:37 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267369
|
7.5 |
HIGH
Network
|
huawei
|
fusionaccess
|
Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not …
|
CWE-20
Improper Input Validation
|
CVE-2015-7844
|
2024-11-21 11:37 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267370
|
6.1 |
MEDIUM
Network
|
icinga
opensuse_project
opensuse
|
icinga
leap
|
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8010
|
2024-11-21 11:37 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
