|
276731
|
- |
|
google
|
chrome
|
The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-1213
|
2024-11-21 11:24 |
2015-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276732
|
- |
|
nvidia
|
gpu_driver_r304
gpu_driver_r346
gpu_driver_r340
gpu_driver_r343
|
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel adm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1170
|
2024-11-21 11:24 |
2015-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276733
|
- |
|
sharelatex
|
sharelatex
|
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename.
|
CWE-77
Command Injection
|
CVE-2015-0934
|
2024-11-21 11:24 |
2015-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276734
|
- |
|
sharelatex
|
sharelatex
|
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include comman…
|
CWE-22
Path Traversal
|
CVE-2015-0933
|
2024-11-21 11:24 |
2015-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276735
|
- |
|
network_vision
|
intravue
|
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2015-0977
|
2024-11-21 11:24 |
2015-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276736
|
- |
|
gnu
|
cpio
|
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
|
NVD-CWE-Other
|
CVE-2015-1197
|
2024-11-21 11:24 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276737
|
- |
|
ektron
|
ektron_content_management_system
|
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document,…
|
CWE-74
Injection
|
CVE-2015-0931
|
2024-11-21 11:24 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276738
|
- |
|
ektron
|
ektron_content_management_system
|
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via a…
|
NVD-CWE-Other
|
CVE-2015-0923
|
2024-11-21 11:24 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276739
|
- |
|
holding_pattern_project
|
holding_pattern
|
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code …
|
NVD-CWE-Other
|
CVE-2015-1172
|
2024-11-21 11:24 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276740
|
- |
|
apereo
|
central_authentication_service
|
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid passw…
|
CWE-74
Injection
|
CVE-2015-1169
|
2024-11-21 11:24 |
2015-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
