|
268131
|
- |
|
freeswitch
|
freeswitch
|
Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-7392
|
2024-11-21 11:36 |
2015-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268132
|
- |
|
xen
|
xen
|
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
|
CWE-17
Code
|
CVE-2015-7311
|
2024-11-21 11:36 |
2015-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268133
|
7.5 |
HIGH
Network
|
rpcbind_project
canonical
debian
oracle
|
rpcbind
ubuntu_linux
debian_linux
solaris
|
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMA…
|
NVD-CWE-Other
|
CVE-2015-7236
|
2024-11-21 11:36 |
2015-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268134
|
- |
|
ipython
jupyter
|
notebook
|
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files…
|
CWE-20
Improper Input Validation
|
CVE-2015-7337
|
2024-11-21 11:36 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268135
|
- |
|
codepeople
|
appointment_booking_calendar
|
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2015-7320
|
2024-11-21 11:36 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268136
|
- |
|
codepeople
|
appointment_booking_calendar
|
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQ…
|
CWE-89
SQL Injection
|
CVE-2015-7319
|
2024-11-21 11:36 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268137
|
- |
|
zohocorp
|
manageengine_eventlog_analyzer
|
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallow…
|
CWE-89
SQL Injection
|
CVE-2015-7387
|
2024-11-21 11:36 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268138
|
- |
|
ghozylab
|
gallery_-_photo_albums_-_portfolio
|
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7386
|
2024-11-21 11:36 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268139
|
- |
|
refbase
|
refbase
|
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7383
|
2024-11-21 11:36 |
2015-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268140
|
- |
|
refbase
|
refbase
|
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a dif…
|
CWE-89
SQL Injection
|
CVE-2015-7382
|
2024-11-21 11:36 |
2015-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
