|
211991
|
- |
|
xen
|
xen
|
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
|
CWE-17
Code
|
CVE-2015-7311
|
2024-11-21 11:36 |
2015-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211992
|
7.5 |
HIGH
Network
|
rpcbind_project
canonical
debian
oracle
|
rpcbind
ubuntu_linux
debian_linux
solaris
|
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMA…
|
NVD-CWE-Other
|
CVE-2015-7236
|
2024-11-21 11:36 |
2015-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211993
|
- |
|
ipython
jupyter
|
notebook
|
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files…
|
CWE-20
Improper Input Validation
|
CVE-2015-7337
|
2024-11-21 11:36 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211994
|
- |
|
codepeople
|
appointment_booking_calendar
|
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2015-7320
|
2024-11-21 11:36 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211995
|
- |
|
codepeople
|
appointment_booking_calendar
|
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQ…
|
CWE-89
SQL Injection
|
CVE-2015-7319
|
2024-11-21 11:36 |
2015-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211996
|
- |
|
zohocorp
|
manageengine_eventlog_analyzer
|
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallow…
|
CWE-89
SQL Injection
|
CVE-2015-7387
|
2024-11-21 11:36 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211997
|
- |
|
ghozylab
|
gallery_-_photo_albums_-_portfolio
|
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7386
|
2024-11-21 11:36 |
2015-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211998
|
- |
|
refbase
|
refbase
|
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7383
|
2024-11-21 11:36 |
2015-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211999
|
- |
|
refbase
|
refbase
|
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a dif…
|
CWE-89
SQL Injection
|
CVE-2015-7382
|
2024-11-21 11:36 |
2015-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212000
|
- |
|
refbase
|
refbase
|
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or…
|
CWE-94
Code Injection
|
CVE-2015-7381
|
2024-11-21 11:36 |
2015-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
