|
273111
|
- |
|
apple
|
iphone_os
|
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5787
|
2024-11-21 11:33 |
2015-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273112
|
- |
|
sudo_project
|
sudo
|
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5602
|
2024-11-21 11:33 |
2015-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273113
|
- |
|
hp
|
archsight_management_center
arcsight_logger
|
Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspec…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5441
|
2024-11-21 11:33 |
2015-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273114
|
- |
|
adways
|
party_track_sdk
|
The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c…
|
CWE-310
Cryptographic Issues
|
CVE-2015-5655
|
2024-11-21 11:33 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273115
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5734
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273116
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5733
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273117
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2015-5732
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273118
|
- |
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, an…
|
CWE-352
Origin Validation Error
|
CVE-2015-5731
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273119
|
- |
|
wordpress
|
wordpress
|
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to con…
|
CWE-200
Information Exposure
|
CVE-2015-5730
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273120
|
- |
|
typemoon
|
witch_on_the_holy_night
fate\/stay_night
fate\/stay_night_\+_hollow_ataraxia_set
fate\/hollow_ataraxia
|
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
|
CWE-78
OS Command
|
CVE-2015-5672
|
2024-11-21 11:33 |
2015-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
