|
268001
|
8.8 |
HIGH
Network
|
huawei
|
vcm5010_firmware
vcm5020_firmware
|
Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and p…
|
CWE-287
Improper Authentication
|
CVE-2015-8332
|
2024-11-21 11:38 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268002
|
7.8 |
HIGH
Local
|
polycom
|
btoe_connector
|
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privilege…
|
CWE-275
Permission Issues
|
CVE-2015-8300
|
2024-11-21 11:38 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268003
|
8.8 |
HIGH
Network
|
orion-soft
|
bitrix
|
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" par…
|
CWE-89
SQL Injection
|
CVE-2015-8355
|
2024-11-21 11:38 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268004
|
9.8 |
CRITICAL
Network
|
zen-cart
|
zen_cart
|
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
|
CWE-22
Path Traversal
|
CVE-2015-8352
|
2024-11-21 11:38 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268005
|
7.8 |
HIGH
Local
|
lxdm_project
|
lxdm
|
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
|
CWE-287
Improper Authentication
|
CVE-2015-8308
|
2024-11-21 11:38 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268006
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8596
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268007
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8595
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268008
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8594
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268009
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8593
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268010
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-8592
|
2024-11-21 11:38 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
