|
276351
|
7.5 |
HIGH
Network
|
chef
|
chef
|
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
|
CWE-200
Information Exposure
|
CVE-2015-8559
|
2024-11-21 11:38 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276352
|
3.7 |
LOW
Network
|
huawei
|
p8_firmware
|
Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.
|
CWE-200
Information Exposure
|
CVE-2015-8224
|
2024-11-21 11:38 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276353
|
6.1 |
MEDIUM
Network
|
ultimatemember
|
ultimate_member
|
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8354
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276354
|
6.1 |
MEDIUM
Network
|
role_scoper_project
|
role_scoper
|
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-obj…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8353
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276355
|
9.0 |
CRITICAL
Network
|
gwolle_guestbook_project
|
gwolle_guestbook
|
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code v…
|
CWE-94
Code Injection
|
CVE-2015-8351
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276356
|
6.1 |
MEDIUM
Network
|
inboundnow
|
call_to_action
|
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8350
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276357
|
6.1 |
MEDIUM
Network
|
gameconnect
|
sourcebans
|
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8349
|
2024-11-21 11:38 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276358
|
5.9 |
MEDIUM
Network
|
lightdm_project
|
lightdm
|
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMC…
|
CWE-129
Improper Validation of Array Index
|
CVE-2015-8316
|
2024-11-21 11:38 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276359
|
8.8 |
HIGH
Network
|
huawei
|
vcn500_firmware
|
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTT…
|
CWE-89
SQL Injection
|
CVE-2015-8334
|
2024-11-21 11:38 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276360
|
9.8 |
CRITICAL
Network
|
knx
|
ets
|
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8299
|
2024-11-21 11:38 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
