|
271571
|
10.0 |
CRITICAL
Network
|
dovestones
|
ad_self_password_reset
|
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8267
|
2024-11-21 11:38 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271572
|
6.8 |
MEDIUM
Network
|
isc
|
kea
|
The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packe…
|
CWE-20
Improper Input Validation
|
CVE-2015-8373
|
2024-11-21 11:38 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271573
|
- |
|
adobe
|
acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc
|
Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Rea…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-8458
|
2024-11-21 11:38 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271574
|
- |
|
token_insert_entity_project
|
token_insert_entity
|
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restri…
|
CWE-200
Information Exposure
|
CVE-2015-8602
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271575
|
- |
|
chat_room_project
|
chat_room
|
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restr…
|
CWE-200
Information Exposure
|
CVE-2015-8601
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271576
|
- |
|
sap
|
mobile_platform
|
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8600
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271577
|
- |
|
cacti
|
cacti
|
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to gr…
|
CWE-89
SQL Injection
|
CVE-2015-8369
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271578
|
- |
|
ntop
|
ntopng
|
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
|
CWE-254
7PK - Security Features
|
CVE-2015-8368
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271579
|
- |
|
xen
|
xen
|
The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allow…
|
CWE-399
Resource Management Errors
|
CVE-2015-8341
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271580
|
- |
|
xen
|
xen
|
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host cr…
|
CWE-17
Code
|
CVE-2015-8340
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
