|
271771
|
- |
|
opensuse gnu
|
opensuse parallel
|
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
CWE-59
Link Following
|
CVE-2015-4156
|
2024-11-21 11:30 |
2015-06-2 |
|
271772
|
- |
|
gnu
|
parallel
|
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
CWE-59
Link Following
|
CVE-2015-4155
|
2024-11-21 11:30 |
2015-06-2 |
|
271773
|
- |
|
thycotic
|
secret_server
|
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-4094
|
2024-11-21 11:30 |
2015-06-2 |
|
271774
|
- |
|
sensiolabs
|
symfony
|
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if …
|
CWE-284
Improper Access Control
|
CVE-2015-4050
|
2024-11-21 11:30 |
2015-06-2 |
|
271775
|
- |
|
djangoproject
|
django
|
The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the …
|
NVD-CWE-Other
|
CVE-2015-3982
|
2024-11-21 11:30 |
2015-06-2 |
|
271776
|
- |
|
ids
|
nc854 nc856
|
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web s…
|
CWE-22
Path Traversal
|
CVE-2015-3939
|
2024-11-21 11:30 |
2015-06-1 |
|
271777
|
- |
|
blue_coat
|
ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv2800_firmware
|
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administ…
|
CWE-200
Information Exposure
|
CVE-2015-4138
|
2024-11-21 11:30 |
2015-05-31 |
|
271778
|
- |
|
arcserve
|
arcserve_unified_data_protection
|
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolic…
|
CWE-200
Information Exposure
|
CVE-2015-4069
|
2024-11-21 11:30 |
2015-05-30 |
|
271779
|
- |
|
dell
|
netvault_backup
|
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which trig…
|
CWE-189
Numeric Errors
|
CVE-2015-4067
|
2024-11-21 11:30 |
2015-05-30 |
|
271780
|
- |
|
wavelink
|
connectpro
|
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-4060
|
2024-11-21 11:30 |
2015-05-30 |