|
270201
|
6.1 |
MEDIUM
Network
|
strangerstudios
|
paid_memberships_pro
|
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5532
|
2024-11-21 11:33 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270202
|
7.8 |
HIGH
Local
|
cumulusnetworks
|
cumulus_linux
|
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5699
|
2024-11-21 11:33 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270203
|
9.8 |
CRITICAL
Network
|
golang
fedoraproject
redhat
|
go
fedora
enterprise_linux_server_aus
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_server_eus
|
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Co…
|
CWE-444
HTTP Request Smuggling
|
CVE-2015-5740
|
2024-11-21 11:33 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270204
|
9.8 |
CRITICAL
Network
|
golang
fedoraproject
redhat
|
go
fedora
enterprise_linux_server_aus
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_server_eus
|
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instea…
|
CWE-444
HTTP Request Smuggling
|
CVE-2015-5739
|
2024-11-21 11:33 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270205
|
7.8 |
HIGH
Local
|
freebsd
|
freebsd
|
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5675
|
2024-11-21 11:33 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270206
|
7.4 |
HIGH
Network
|
dwango
|
niconico
|
niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-5639
|
2024-11-21 11:33 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270207
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5613
|
2024-11-21 11:33 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270208
|
7.8 |
HIGH
Local
|
devscripts_devel_team
fedoraproject
|
devscripts
fedora
|
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
|
CWE-77
Command Injection
|
CVE-2015-5704
|
2024-11-21 11:33 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270209
|
5.9 |
MEDIUM
Network
|
ana
|
all_nippon_airways
|
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-5666
|
2024-11-21 11:33 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270210
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
|
CWE-601
Open Redirect
|
CVE-2015-5608
|
2024-11-21 11:33 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
