|
273991
|
8.8 |
HIGH
Network
|
synametrics
|
synaman
syncrify
syntail
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
|
CWE-352
Origin Validation Error
|
CVE-2015-3140
|
2024-11-21 11:28 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273992
|
6.1 |
MEDIUM
Network
|
ikiwiki
fedoraproject
|
ikiwiki
fedora
|
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parame…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2793
|
2024-11-21 11:28 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273993
|
7.5 |
HIGH
Network
|
postgresql
debian
canonical
|
postgresql
debian_linux
ubuntu_linux
|
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which …
|
CWE-200
Information Exposure
|
CVE-2015-3167
|
2024-11-21 11:28 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273994
|
9.8 |
CRITICAL
Network
|
postgresql
debian
canonical
|
postgresql
debian_linux
ubuntu_linux
|
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3166
|
2024-11-21 11:28 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273995
|
6.1 |
MEDIUM
Network
|
projectpier
|
projectpier
|
Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2796
|
2024-11-21 11:28 |
2018-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273996
|
5.9 |
MEDIUM
Network
|
yodobashi
|
yodobashi
|
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2981
|
2024-11-21 11:28 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273997
|
9.8 |
CRITICAL
Network
|
apache
|
traffic_server
|
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3249
|
2024-11-21 11:28 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273998
|
8.8 |
HIGH
Network
|
watchguard
|
hawkeye_g
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco…
|
CWE-352
Origin Validation Error
|
CVE-2015-2878
|
2024-11-21 11:28 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273999
|
5.9 |
MEDIUM
Network
|
fedoraproject
|
spin-kickstarts
|
fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3229
|
2024-11-21 11:28 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274000
|
9.8 |
CRITICAL
Network
|
berta
|
berta_cms
|
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct re…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-2780
|
2024-11-21 11:28 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
