|
274981
|
7.8 |
HIGH
Local
|
netlock
|
mokka
|
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Ob…
|
CWE-91
Blind XPath Injection
|
CVE-2015-3932
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274982
|
7.8 |
HIGH
Local
|
microsec
|
e-szigno
|
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:…
|
CWE-91
Blind XPath Injection
|
CVE-2015-3931
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274983
|
9.8 |
CRITICAL
Network
|
libinfinity_project
|
libinfinity
|
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-3886
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274984
|
7.5 |
HIGH
Network
|
huawei
|
s2300_firmware
s2700_firmware
s3300_firmware
s3700_firmware
s5300ei_firmware
s5700ei_firmware
s5300si_firmware
s5700si_firmware
s5300hi_firmware
s5700hi_firmware
s6300ei…
|
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.
|
CWE-20
Improper Input Validation
|
CVE-2015-3913
|
2024-11-21 11:30 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274985
|
7.5 |
HIGH
Network
|
pgbouncer
|
pgbouncer
|
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-4054
|
2024-11-21 11:30 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274986
|
7.2 |
HIGH
Network
|
alienvault
|
open_source_security_information_management
|
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
|
CWE-77
Command Injection
|
CVE-2015-4046
|
2024-11-21 11:30 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274987
|
6.7 |
MEDIUM
Local
|
alienvault
|
open_source_security_information_management
|
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4045
|
2024-11-21 11:30 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274988
|
6.1 |
MEDIUM
Network
|
wow_new_media
|
wow_moodboard_lite
|
Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and con…
|
CWE-601
Open Redirect
|
CVE-2015-4070
|
2024-11-21 11:30 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274989
|
6.1 |
MEDIUM
Network
|
clickfraud-monitoring
phpwhois_project
|
adsense-click-fraud-monitoring
phpwhois
|
Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3998
|
2024-11-21 11:30 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274990
|
9.8 |
CRITICAL
Network
|
cloudera
|
key_trustee_server
|
Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.
|
CWE-320
Key Management Errors
|
CVE-2015-4166
|
2024-11-21 11:30 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
