|
271311
|
7.0 |
HIGH
Local
|
sudo_project
|
sudo
|
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
|
CWE-362
Race Condition
|
CVE-2015-8239
|
2024-11-21 11:38 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271312
|
9.8 |
CRITICAL
Network
|
manageengine
|
desktop_central
|
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-8249
|
2024-11-21 11:38 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271313
|
9.8 |
CRITICAL
Network
|
magento
|
magento
|
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via …
|
CWE-200
Information Exposure
|
CVE-2015-8707
|
2024-11-21 11:38 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271314
|
5.4 |
MEDIUM
Network
|
php-fusion
|
php-fusion
|
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8375
|
2024-11-21 11:38 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271315
|
5.9 |
MEDIUM
Network
|
unify
|
openstage_60_firmware
openscape_desk_phone_ip_55g_sip_firmware
openstage_15_firmware
openstage_20e_firmware
openstage_20_firmware
openstage_40_firmware
openscape_desk_phone_ip_35g_s…
|
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone…
|
CWE-200
Information Exposure
|
CVE-2015-8251
|
2024-11-21 11:38 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271316
|
7.5 |
HIGH
Network
|
chef
|
chef
|
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
|
CWE-200
Information Exposure
|
CVE-2015-8559
|
2024-11-21 11:38 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271317
|
3.7 |
LOW
Network
|
huawei
|
p8_firmware
|
Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.
|
CWE-200
Information Exposure
|
CVE-2015-8224
|
2024-11-21 11:38 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271318
|
6.1 |
MEDIUM
Network
|
ultimatemember
|
ultimate_member
|
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8354
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271319
|
6.1 |
MEDIUM
Network
|
role_scoper_project
|
role_scoper
|
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-obj…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8353
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271320
|
9.0 |
CRITICAL
Network
|
gwolle_guestbook_project
|
gwolle_guestbook
|
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code v…
|
CWE-94
Code Injection
|
CVE-2015-8351
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
