|
273191
|
5.9 |
MEDIUM
Network
|
http.rb_project
|
http.rb
|
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.
|
CWE-200
Information Exposure
|
CVE-2015-1828
|
2024-11-21 11:26 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273192
|
7.8 |
HIGH
Local
|
pngcrush_project
|
pngcrush
|
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary c…
|
CWE-189
Numeric Errors
|
CVE-2015-2158
|
2024-11-21 11:26 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273193
|
6.1 |
MEDIUM
Network
|
emberjs
|
ember.js
|
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1866
|
2024-11-21 11:26 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273194
|
4.7 |
MEDIUM
Local
|
gnu
|
coreutils
|
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
|
CWE-362
Race Condition
|
CVE-2015-1865
|
2024-11-21 11:26 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273195
|
5.9 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
|
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential pas…
|
CWE-200
Information Exposure
|
CVE-2015-1849
|
2024-11-21 11:26 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273196
|
5.4 |
MEDIUM
Network
|
kallithea-scm
|
kallithea
|
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) l…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1864
|
2024-11-21 11:26 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273197
|
7.5 |
HIGH
Network
|
fedoraproject
debian
|
389_directory_server
fedora
debian_linux
|
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
|
CWE-284
Improper Access Control
|
CVE-2015-1854
|
2024-11-21 11:26 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273198
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2046
|
2024-11-21 11:26 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273199
|
7.5 |
HIGH
Network
|
estrongs
|
es_file_explorer
|
Directory traversal vulnerability in ES File Explorer 3.2.4.1.
|
CWE-22
Path Traversal
|
CVE-2015-1876
|
2024-11-21 11:26 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273200
|
9.8 |
CRITICAL
Network
|
samsung
|
galaxy_s4_firmware
|
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-1801
|
2024-11-21 11:26 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
