|
272191
|
6.1 |
MEDIUM
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the error…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7252
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272192
|
9.8 |
CRITICAL
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
|
CWE-255
Credentials Management
|
CVE-2015-7251
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272193
|
7.5 |
HIGH
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getp…
|
CWE-22
Path Traversal
|
CVE-2015-7250
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272194
|
4.9 |
MEDIUM
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7249
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272195
|
7.5 |
HIGH
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability…
|
CWE-200
Information Exposure
|
CVE-2015-7248
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272196
|
7.5 |
HIGH
Network
|
samba
canonical
debian
|
samba
ubuntu_linux
debian_linux
|
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of se…
|
CWE-399
Resource Management Errors
|
CVE-2015-7540
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272197
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.
|
CWE-20
Improper Input Validation
|
CVE-2015-7509
|
2024-11-21 11:36 |
2015-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272198
|
- |
|
ibm
|
websphere_portal
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2015-7413
|
2024-11-21 11:36 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272199
|
- |
|
cool_video_gallery_project
|
cool_video_gallery
|
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fie…
|
CWE-20
Improper Input Validation
|
CVE-2015-7527
|
2024-11-21 11:36 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272200
|
- |
|
theforeman
|
foreman
|
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart c…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7518
|
2024-11-21 11:36 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
