|
270171
|
- |
|
picketlink
|
picketlink
|
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 do not ensure that the Destination attribute in a Response element in a SAML assertion matches the location …
|
CWE-17
Code
|
CVE-2015-6254
|
2024-11-21 11:34 |
2015-08-18 |
|
|
|
|
270172
|
- |
|
fortinet
|
fortios
|
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a craft…
|
CWE-20
Improper Input Validation
|
CVE-2015-5965
|
2024-11-21 11:34 |
2015-08-11 |
|
|
|
|
270173
|
- |
|
mozilla
|
firefox_os
|
Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allo…
|
CWE-189
Numeric Errors
|
CVE-2015-5962
|
2024-11-21 11:34 |
2015-08-8 |
|
|
|
|
270174
|
- |
|
mozilla
|
firefox_os
|
The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5961
|
2024-11-21 11:34 |
2015-08-8 |
|
|
|
|
270175
|
- |
|
mozilla
|
firefox_os
|
Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount…
|
CWE-284
Improper Access Control
|
CVE-2015-5960
|
2024-11-21 11:34 |
2015-08-8 |
|
|
|
|
270176
|
9.8 |
CRITICAL
Network
|
yiiframework
|
yii
|
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameter.
|
CWE-22
Path Traversal
|
CVE-2015-5467
|
2024-11-21 11:33 |
2023-09-21 |
|
|
|
|
270177
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validate…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-5524
|
2024-11-21 11:33 |
2020-04-11 |
|
|
|
|
270178
|
9.8 |
CRITICAL
Network
|
lenovo
|
b50-10_firmware, flex_2_pro-15_firmware, edge_15_firmware, flex_3-1470_firmware, flex_3-1570_firmware, flex_3-1120_firmware, g40-80_firmware, g50-80_firmware, g50-80_touch_firmware
|
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-5684
|
2024-11-21 11:33 |
2020-03-28 |
|
|
|
|
270179
|
8.8 |
HIGH
Network
|
puppet
|
puppet_enterprise
|
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrus…
|
CWE-352 CWE-1021
Origin Validation Error Improper Restriction of Rendered UI Layers or Frames
|
CVE-2015-5686
|
2024-11-21 11:33 |
2020-02-27 |
|
|
|
|
270180
|
9.8 |
CRITICAL
Network
|
enorth
|
webpublisher_cms
|
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.
|
CWE-89
SQL Injection
|
CVE-2015-5617
|
2024-11-21 11:33 |
2020-02-13 |
|
|
|