|
212031
|
- |
|
fieldable_panels_panes_project
|
fieldable_panels_panes
|
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7227
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212032
|
- |
|
administration_views_project
|
administration_views
|
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to ob…
|
CWE-200
Information Exposure
|
CVE-2015-7226
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212033
|
5.3 |
MEDIUM
Network
|
multibit
|
multibit_hd
|
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot …
|
CWE-697
Incorrect Comparison
|
CVE-2015-6964
|
2024-11-21 11:35 |
2023-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212034
|
9.8 |
CRITICAL
Network
|
boschsecurity
|
nbn-498_dinion2x_day\/night_ip_cameras_firmware
|
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to …
|
CWE-91
Blind XPath Injection
|
CVE-2015-6970
|
2024-11-21 11:35 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212035
|
9.8 |
CRITICAL
Network
|
kaseya
|
virtual_system_administrator
|
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers…
|
CWE-287
Improper Authentication
|
CVE-2015-6922
|
2024-11-21 11:35 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212036
|
8.8 |
HIGH
Network
|
kaseya
|
virtual_system_administrator
|
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote aut…
|
CWE-22
Path Traversal
|
CVE-2015-6589
|
2024-11-21 11:35 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212037
|
3.5 |
LOW
Adjacent
|
qemu
fedoraproject
novell
canonical
redhat
xen
arista
|
qemu
fedora
suse_linux_enterprise_server
suse_linux_enterprise_debuginfo
suse_linux_enterprise_desktop
suse_linux_enterprise_software_development_kit
ubuntu_linux
enterprise_linu…
|
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of ser…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2015-6815
|
2024-11-21 11:35 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212038
|
5.5 |
MEDIUM
Local
|
freereprintables
|
articlefr
|
Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.
|
CWE-22
Path Traversal
|
CVE-2015-6591
|
2024-11-21 11:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212039
|
8.8 |
HIGH
Network
|
magento
|
magento
|
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.…
|
CWE-20
Improper Input Validation
|
CVE-2015-6497
|
2024-11-21 11:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212040
|
7.5 |
HIGH
Network
|
cloudera
|
cloudera_manager
|
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
|
CWE-200
Information Exposure
|
CVE-2015-6495
|
2024-11-21 11:35 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
