|
212291
|
- |
|
symantec
|
netbackup_opscenter
|
Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2015-6549
|
2024-11-21 11:35 |
2015-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212292
|
- |
|
google
|
android
|
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by l…
|
CWE-20
Improper Input Validation
|
CVE-2015-6602
|
2024-11-21 11:35 |
2015-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212293
|
- |
|
google
|
android
|
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (in…
|
CWE-189
Numeric Errors
|
CVE-2015-6575
|
2024-11-21 11:35 |
2015-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212294
|
- |
|
openvz
|
vzctl
|
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users …
|
CWE-59
Link Following
|
CVE-2015-6927
|
2024-11-21 11:35 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212295
|
- |
|
gnu
|
gnu_screen
|
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequenc…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-6806
|
2024-11-21 11:35 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212296
|
- |
|
cubecart
|
cubecart
|
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administr…
|
CWE-284
Improper Access Control
|
CVE-2015-6928
|
2024-11-21 11:35 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212297
|
- |
|
codewrights
endress\+hauser
|
hart_comm_dtm
|
CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU …
|
NVD-CWE-Other
|
CVE-2015-6463
|
2024-11-21 11:35 |
2015-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212298
|
- |
|
ibc_solar
|
danfoss_tlx_pro\+
servemaster_tlp\+
|
Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-6475
|
2024-11-21 11:35 |
2015-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212299
|
- |
|
ibc_solar
|
danfoss_tlx_pro\+
servemaster_tlp\+
|
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code.
|
CWE-200
Information Exposure
|
CVE-2015-6474
|
2024-11-21 11:35 |
2015-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212300
|
- |
|
resource_data_management_data_manager
|
data_manager
|
Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-6470
|
2024-11-21 11:35 |
2015-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
