|
274051
|
9.8 |
CRITICAL
Network
|
novell
|
zenworks_configuration_management
|
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecif…
|
CWE-22
Path Traversal
|
CVE-2015-0781
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274052
|
9.8 |
CRITICAL
Network
|
novell
|
zenworks_configuration_management
|
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via…
|
CWE-89
SQL Injection
|
CVE-2015-0780
|
2024-11-21 11:23 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274053
|
8.1 |
HIGH
Network
|
hp
|
linux_imaging_and_printing
|
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to ve…
|
CWE-320
Key Management Errors
|
CVE-2015-0839
|
2024-11-21 11:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274054
|
5.9 |
MEDIUM
Network
|
shidax
|
restaurant_karaoke
|
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-0904
|
2024-11-21 11:23 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274055
|
6.1 |
MEDIUM
Network
|
cisco
|
cloud_web_security
|
Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0674
|
2024-11-21 11:23 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274056
|
8.0 |
HIGH
Adjacent
|
samsung
|
galaxy_app
samsung_account_app
|
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0864
|
2024-11-21 11:23 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274057
|
8.0 |
HIGH
Adjacent
|
samsung
|
galaxy_app
samsung_account_app
|
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary cod…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0863
|
2024-11-21 11:23 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274058
|
9.8 |
CRITICAL
Network
|
pitivi
|
pitivi
|
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.
|
CWE-94
Code Injection
|
CVE-2015-0855
|
2024-11-21 11:23 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274059
|
7.8 |
HIGH
Local
|
shutter-project
|
shutter
|
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.
|
CWE-19
Data Processing Errors
|
CVE-2015-0854
|
2024-11-21 11:23 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274060
|
6.1 |
MEDIUM
Network
|
netiq
|
identity_manager
|
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0787
|
2024-11-21 11:23 |
2016-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
