|
211351
|
9.8 |
CRITICAL
Network
|
lansweeper
|
lansweeper
|
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
|
CWE-20
Improper Input Validation
|
CVE-2015-9264
|
2024-11-21 11:40 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211352
|
9.8 |
CRITICAL
Network
|
idera
|
uptime_infrastructure_monitor
|
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute a…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-9263
|
2024-11-21 11:40 |
2018-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211353
|
9.8 |
CRITICAL
Network
|
debian
canonical
x
redhat
|
debian_linux
ubuntu_linux
libxcursor
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
ansible_tower
|
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-9262
|
2024-11-21 11:40 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211354
|
5.5 |
MEDIUM
Local
|
busybox
debian
canonical
|
busybox
debian_linux
ubuntu_linux
|
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-9261
|
2024-11-21 11:40 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211355
|
5.4 |
MEDIUM
Network
|
bedita
|
bedita
|
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/lea…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9260
|
2024-11-21 11:40 |
2018-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211356
|
7.5 |
HIGH
Network
|
ansi2html_project
|
ansi2html
|
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.
|
CWE-20
Improper Input Validation
|
CVE-2015-9239
|
2024-11-21 11:40 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211357
|
5.3 |
MEDIUM
Network
|
secure-compare_project
|
secure-compare
|
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same le…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2015-9238
|
2024-11-21 11:40 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211358
|
5.3 |
MEDIUM
Network
|
hapijs
|
hapi
|
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to …
|
CWE-200
Information Exposure
|
CVE-2015-9236
|
2024-11-21 11:40 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211359
|
9.8 |
CRITICAL
Network
|
mysqljs
|
mysql
|
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2015-9244
|
2024-11-21 11:40 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211360
|
5.9 |
MEDIUM
Network
|
hapijs
|
hapi
|
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a hi…
|
CWE-254
7PK - Security Features
|
CVE-2015-9243
|
2024-11-21 11:40 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
