|
268801
|
5.4 |
MEDIUM
Network
|
fomori
|
cherrymusic
|
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8310
|
2024-11-21 11:38 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268802
|
4.3 |
MEDIUM
Network
|
fomori
|
cherrymusic
|
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
|
CWE-22
Path Traversal
|
CVE-2015-8309
|
2024-11-21 11:38 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268803
|
5.5 |
MEDIUM
Local
|
huawei
|
mate_s_firmware
p8_firmware
|
The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 …
|
CWE-20
Improper Input Validation
|
CVE-2015-8678
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268804
|
10.0 |
CRITICAL
Network
|
qemu
|
qemu
|
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
|
CWE-362
Race Condition
|
CVE-2015-8556
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268805
|
5.4 |
MEDIUM
Network
|
alcatel-lucent
|
motive_home_device_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8687
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268806
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.2…
|
CWE-200
Information Exposure
|
CVE-2015-8628
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268807
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers…
|
CWE-284
Improper Access Control
|
CVE-2015-8627
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268808
|
9.8 |
CRITICAL
Network
|
mediawiki
|
mediawiki
|
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which ma…
|
CWE-255
Credentials Management
|
CVE-2015-8626
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268809
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read…
|
CWE-200
Information Exposure
|
CVE-2015-8625
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268810
|
8.8 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant …
|
CWE-352
Origin Validation Error
|
CVE-2015-8624
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
