|
277651
|
- |
|
sharelatex
|
sharelatex
|
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include comman…
|
CWE-22
Path Traversal
|
CVE-2015-0933
|
2024-11-21 11:24 |
2015-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277652
|
- |
|
network_vision
|
intravue
|
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2015-0977
|
2024-11-21 11:24 |
2015-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277653
|
- |
|
gnu
|
cpio
|
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
|
NVD-CWE-Other
|
CVE-2015-1197
|
2024-11-21 11:24 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277654
|
- |
|
ektron
|
ektron_content_management_system
|
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document,…
|
CWE-74
Injection
|
CVE-2015-0931
|
2024-11-21 11:24 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277655
|
- |
|
ektron
|
ektron_content_management_system
|
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via a…
|
NVD-CWE-Other
|
CVE-2015-0923
|
2024-11-21 11:24 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277656
|
- |
|
holding_pattern_project
|
holding_pattern
|
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code …
|
NVD-CWE-Other
|
CVE-2015-1172
|
2024-11-21 11:24 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277657
|
- |
|
apereo
|
central_authentication_service
|
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid passw…
|
CWE-74
Injection
|
CVE-2015-1169
|
2024-11-21 11:24 |
2015-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277658
|
- |
|
mantisbt
|
mantisbt
|
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing at…
|
NVD-CWE-Other
|
CVE-2015-1042
|
2024-11-21 11:24 |
2015-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277659
|
- |
|
privoxy
|
privoxy
|
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional uncon…
|
NVD-CWE-Other
|
CVE-2015-1031
|
2024-11-21 11:24 |
2015-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277660
|
- |
|
google
canonical
redhat
opensuse
|
chrome
ubuntu_linux
enterprise_linux_server_aus
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_eus
opensuse
|
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly hav…
|
NVD-CWE-noinfo
|
CVE-2015-1212
|
2024-11-21 11:24 |
2015-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
