|
272161
|
- |
|
samsung
|
samsung_security_manager
|
Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3435
|
2024-11-21 11:29 |
2015-05-2 |
|
|
|
|
272162
|
- |
|
elasticsearch
|
elasticsearch
|
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2015-3337
|
2024-11-21 11:29 |
2015-05-2 |
|
|
|
|
272163
|
- |
|
hospira
|
lifecare_pcainfusion_firmware lifecare_pca3 lifecare_pca5
|
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuratio…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3459
|
2024-11-21 11:29 |
2015-04-30 |
|
|
|
|
272164
|
- |
|
magento
|
magento
|
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a templat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3458
|
2024-11-21 11:29 |
2015-04-30 |
|
|
|
|
272165
|
- |
|
magento
|
magento
|
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.
|
CWE-287
Improper Authentication
|
CVE-2015-3457
|
2024-11-21 11:29 |
2015-04-30 |
|
|
|
|
272166
|
- |
|
rest-client_project
|
rest-client
|
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
|
CWE-200
Information Exposure
|
CVE-2015-3448
|
2024-11-21 11:29 |
2015-04-30 |
|
|
|
|
272167
|
- |
|
sonicwall
|
sonicos
|
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchS…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3447
|
2024-11-21 11:29 |
2015-04-30 |
|
|
|
|
272168
|
- |
|
xen suse fedoraproject debian opensuse
|
xen suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_desktop fedora debian_linux linux_enterprise_software_development_kit linux_…
|
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_g…
|
CWE-200
Information Exposure
|
CVE-2015-3340
|
2024-11-21 11:29 |
2015-04-28 |
|
|
|
|
272169
|
- |
|
ffmpeg debian
|
ffmpeg debian_linux
|
Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other im…
|
NVD-CWE-Other
|
CVE-2015-3417
|
2024-11-21 11:29 |
2015-04-25 |
|
|
|
|
272170
|
- |
|
canonical sqlite debian apple php
|
ubuntu_linux sqlite debian_linux mac_os_x watchos php
|
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to caus…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2015-3416
|
2024-11-21 11:29 |
2015-04-25 |
|
|
|