|
212221
|
7.3 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which al…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8662
|
2024-11-21 11:38 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212222
|
8.3 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote at…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8661
|
2024-11-21 11:38 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212223
|
10.0 |
CRITICAL
Network
|
dovestones
|
ad_self_password_reset
|
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8267
|
2024-11-21 11:38 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212224
|
6.8 |
MEDIUM
Network
|
isc
|
kea
|
The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packe…
|
CWE-20
Improper Input Validation
|
CVE-2015-8373
|
2024-11-21 11:38 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212225
|
- |
|
adobe
|
acrobat
acrobat_dc
acrobat_reader
acrobat_reader_dc
|
Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Rea…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-8458
|
2024-11-21 11:38 |
2015-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212226
|
- |
|
token_insert_entity_project
|
token_insert_entity
|
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restri…
|
CWE-200
Information Exposure
|
CVE-2015-8602
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212227
|
- |
|
chat_room_project
|
chat_room
|
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restr…
|
CWE-200
Information Exposure
|
CVE-2015-8601
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212228
|
- |
|
sap
|
mobile_platform
|
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8600
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212229
|
- |
|
cacti
|
cacti
|
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to gr…
|
CWE-89
SQL Injection
|
CVE-2015-8369
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212230
|
- |
|
ntop
|
ntopng
|
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
|
CWE-254
7PK - Security Features
|
CVE-2015-8368
|
2024-11-21 11:38 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
