|
281811
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3226
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281812
|
- |
|
rack_project
opensuse
debian
|
rack
opensuse
debian_linux
|
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a…
|
CWE-19
Data Processing Errors
|
CVE-2015-3225
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281813
|
- |
|
rubyonrails
|
web_console
|
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote…
|
CWE-284
Improper Access Control
|
CVE-2015-3224
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281814
|
- |
|
honeywell
|
tuxedo_touch
|
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-…
|
CWE-352
Origin Validation Error
|
CVE-2015-2848
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281815
|
- |
|
honeywell
|
tuxedo_touch
|
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests…
|
CWE-284
Improper Access Control
|
CVE-2015-2847
|
2024-11-21 11:28 |
2015-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281816
|
- |
|
research-artisan
|
research_artisan_lite
|
Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote attackers to perform unspecified actions via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2015-2975
|
2024-11-21 11:28 |
2015-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281817
|
- |
|
research-artisan
|
research_artisan_lite
|
Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2976
|
2024-11-21 11:28 |
2015-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281818
|
- |
|
collne
|
welcart
|
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to …
|
CWE-79
Cross-site Scripting
|
CVE-2015-2973
|
2024-11-21 11:28 |
2015-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281819
|
- |
|
ghisler
|
total_commander
|
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive M…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2869
|
2024-11-21 11:28 |
2015-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281820
|
- |
|
canonical
apache
apple
|
ubuntu_linux
http_server
mac_os_x
xcode
mac_os_x_server
|
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3185
|
2024-11-21 11:28 |
2015-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
