|
270571
|
8.8 |
HIGH
Network
|
cakephp
|
cakephp
|
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-8379
|
2024-11-21 11:38 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270572
|
9.8 |
CRITICAL
Network
|
harman
|
amx_firmware
|
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access…
|
CWE-255
Credentials Management
|
CVE-2015-8362
|
2024-11-21 11:38 |
2016-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270573
|
7.3 |
HIGH
Network
|
apple
libpng
|
mac_os_x
libpng
|
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8472
|
2024-11-21 11:38 |
2016-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270574
|
7.0 |
HIGH
Network
|
isc
|
bind
|
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash)…
|
CWE-20
Improper Input Validation
|
CVE-2015-8705
|
2024-11-21 11:38 |
2016-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270575
|
6.5 |
MEDIUM
Network
|
isc
|
bind
|
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed …
|
CWE-20
Improper Input Validation
|
CVE-2015-8704
|
2024-11-21 11:38 |
2016-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270576
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2015-8617
|
2024-11-21 11:38 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270577
|
8.6 |
HIGH
Network
|
php
|
php
|
Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application …
|
NVD-CWE-Other
|
CVE-2015-8616
|
2024-11-21 11:38 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270578
|
5.4 |
MEDIUM
Network
|
gajim
|
gajim
|
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
|
CWE-20
Improper Input Validation
|
CVE-2015-8688
|
2024-11-21 11:38 |
2016-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270579
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the ba…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8685
|
2024-11-21 11:38 |
2016-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270580
|
6.2 |
MEDIUM
Local
|
huawei
|
s5300_firmware
|
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password informa…
|
CWE-255
Credentials Management
|
CVE-2015-8675
|
2024-11-21 11:38 |
2016-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
