| 272171 | 7.2 | HIGH Network | arubanetworks | clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authori… | CWE-285 Improper Authorization | CVE-2015-3656 | 2024-11-21 11:29 | 2017-08-30 |
| 272172 | 8.8 | HIGH Network | arubanetworks | clearpass | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators b… | CWE-352 Origin Validation Error | CVE-2015-3655 | 2024-11-21 11:29 | 2017-08-30 |
| 272173 | 7.2 | HIGH Network | arubanetworks | clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than … | CWE-284 Improper Access Control | CVE-2015-3654 | 2024-11-21 11:29 | 2017-08-30 |
| 272174 | 7.2 | HIGH Network | arubanetworks | clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequen… | CWE-284 Improper Access Control | CVE-2015-3653 | 2024-11-21 11:29 | 2017-08-30 |
| 272175 | 6.1 | MEDIUM Network | zend | diactoros | Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. | CWE-79 Cross-site Scripting | CVE-2015-3257 | 2024-11-21 11:29 | 2017-08-26 |
| 272176 | 7.8 | HIGH Local | fortinet | fortimanager_firmware | Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-3617 | 2024-11-21 11:29 | 2017-08-23 |
| 272177 | 7.8 | HIGH Local | open-uri-cached_project | open-uri-cached | The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directo… | CWE-20 Improper Input Validation | CVE-2015-3649 | 2024-11-21 11:29 | 2017-08-19 |
| 272178 | 9.8 | CRITICAL Network | fortinet | fortimanager_firmware | SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | CWE-89 SQL Injection | CVE-2015-3616 | 2024-11-21 11:29 | 2017-08-12 |
| 272179 | 5.4 | MEDIUM Network | fortinet | fortimanager_firmware | Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involvin… | CWE-79 Cross-site Scripting | CVE-2015-3615 | 2024-11-21 11:29 | 2017-08-12 |
| 272180 | 7.5 | HIGH Network | fortinet | fortimanager_firmware | Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | CWE-200 Information Exposure | CVE-2015-3614 | 2024-11-21 11:29 | 2017-08-12 |