|
280971
|
- |
|
ibm
|
security_qradar_incident_forensics
|
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these…
|
NVD-CWE-Other
|
CVE-2015-1993
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280972
|
- |
|
ibm
|
security_qradar_incident_forensics
|
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-1989
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280973
|
- |
|
apache
|
ambari
|
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured servic…
|
NVD-CWE-Other
|
CVE-2015-1775
|
2024-11-21 11:26 |
2015-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280974
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unkno…
|
NVD-CWE-noinfo
|
CVE-2015-1829
|
2024-11-21 11:26 |
2015-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280975
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1814
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280976
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabili…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1813
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280977
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabili…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1812
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280978
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1810
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280979
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
|
CWE-20
Improper Input Validation
|
CVE-2015-1808
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280980
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building …
|
CWE-22
Path Traversal
|
CVE-2015-1807
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
