|
271841
|
7.8 |
HIGH
Local
|
usb-creator_project
|
usb-creator
|
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3643
|
2024-11-21 11:29 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271842
|
6.1 |
MEDIUM
Network
|
nodebb
|
nodebb
|
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3296
|
2024-11-21 11:29 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271843
|
6.1 |
MEDIUM
Network
|
pydio
|
pydio
|
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS V…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3432
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271844
|
9.8 |
CRITICAL
Network
|
pydio
|
pydio
|
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
|
CWE-78
OS Command
|
CVE-2015-3431
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271845
|
5.9 |
MEDIUM
Network
|
dovecot
fedoraproject
|
dovecot
fedora
|
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-3420
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271846
|
6.5 |
MEDIUM
Network
|
vbulletin
|
vbulletin
|
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
|
CWE-20
Improper Input Validation
|
CVE-2015-3419
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271847
|
6.1 |
MEDIUM
Network
|
floating_social_bar_project
|
floating_social_bar
|
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original se…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3299
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271848
|
8.1 |
HIGH
Network
|
tune_library_project
|
tune_library
|
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
|
CWE-89
SQL Injection
|
CVE-2015-3314
|
2024-11-21 11:29 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271849
|
9.8 |
CRITICAL
Network
|
community_events_project
|
community_events
|
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
|
CWE-89
SQL Injection
|
CVE-2015-3313
|
2024-11-21 11:29 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271850
|
9.8 |
CRITICAL
Network
|
soreco
|
xpert.line
|
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.
|
CWE-287
Improper Authentication
|
CVE-2015-3442
|
2024-11-21 11:29 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
