|
270551
|
- |
|
nucleuscms
|
nucleus_cms
|
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5454
|
2024-11-21 11:33 |
2015-07-9 |
|
270552
|
- |
|
watchguard
|
xcs
|
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
|
CWE-77
Command Injection
|
CVE-2015-5453
|
2024-11-21 11:33 |
2015-07-9 |
|
270553
|
- |
|
watchguard
|
xcs
|
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost…
|
CWE-89
SQL Injection
|
CVE-2015-5452
|
2024-11-21 11:33 |
2015-07-9 |
|
270554
|
6.5 |
MEDIUM
Network
|
jenkins
|
google_login
|
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps …
|
CWE-287
Improper Authentication
|
CVE-2015-5298
|
2024-11-21 11:32 |
2022-07-8 |
|
270555
|
7.5 |
HIGH
Network
|
icedtea-web_project
|
icedtea-web
|
It was discovered that IcedTea-Web used the codebase attribute of the <applet> tag on the HTML page that hosts the Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not h…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-5236
|
2024-11-21 11:32 |
2022-07-8 |
|
270556
|
6.5 |
MEDIUM
Network
|
juniper
|
junos
|
Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specifi…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2015-5361
|
2024-11-21 11:32 |
2020-02-29 |
|
270557
|
7.5 |
HIGH
Network
|
redhat
|
enterprise_virtualization_hypervisor enterprise_virtualization
|
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2015-5201
|
2024-11-21 11:32 |
2020-02-26 |
|
270558
|
6.1 |
MEDIUM
Network
|
ipsilon-project
|
ipsilon
|
The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to cond…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5216
|
2024-11-21 11:32 |
2020-02-18 |
|
270559
|
6.1 |
MEDIUM
Network
|
ipsilon-project
|
ipsilon
|
The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attac…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5215
|
2024-11-21 11:32 |
2020-02-18 |
|
270560
|
7.5 |
HIGH
Network
|
openbsd opensuse
|
libressl opensuse
|
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 cert…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2015-5333
|
2024-11-21 11:32 |
2020-01-24 |
|