|
267761
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2015-8900
|
2024-11-21 11:39 |
2017-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267762
|
7.5 |
HIGH
Network
|
debian
dicom
|
debian_linux
dcmtk
|
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8979
|
2024-11-21 11:39 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267763
|
9.8 |
CRITICAL
Network
|
gosa_project
|
gosa_plugin
|
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
|
CWE-94
Code Injection
|
CVE-2015-8771
|
2024-11-21 11:39 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267764
|
9.8 |
CRITICAL
Network
|
click_project
canonical
|
click
ubuntu_linux
|
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8768
|
2024-11-21 11:39 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267765
|
6.5 |
MEDIUM
Network
|
libdwarf_project
|
libdwarf
|
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-8750
|
2024-11-21 11:39 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267766
|
6.1 |
MEDIUM
Network
|
squidguard
|
squidguard
|
Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8936
|
2024-11-21 11:39 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267767
|
8.8 |
HIGH
Network
|
dotclear
|
dotclear
|
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries…
|
CWE-284
Improper Access Control
|
CVE-2015-8832
|
2024-11-21 11:39 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267768
|
6.1 |
MEDIUM
Network
|
dotclear
|
dotclear
|
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8831
|
2024-11-21 11:39 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267769
|
7.5 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2015-8977
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267770
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8976
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
