|
212031
|
9.8 |
CRITICAL
Network
|
mediawiki
|
mediawiki
|
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which ma…
|
CWE-255
Credentials Management
|
CVE-2015-8626
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212032
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read…
|
CWE-200
Information Exposure
|
CVE-2015-8625
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212033
|
8.8 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant …
|
CWE-352
Origin Validation Error
|
CVE-2015-8624
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212034
|
8.8 |
HIGH
Network
|
mediawiki
|
mediawiki
|
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote at…
|
CWE-352
Origin Validation Error
|
CVE-2015-8623
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212035
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authe…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8622
|
2024-11-21 11:38 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212036
|
7.5 |
HIGH
Network
|
netapp
|
snapdrive
|
NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-8544
|
2024-11-21 11:38 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212037
|
8.8 |
HIGH
Network
|
netapp
|
data_ontap
|
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-8322
|
2024-11-21 11:38 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212038
|
9.8 |
CRITICAL
Network
|
perl
|
perl
|
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive lette…
|
CWE-125
Out-of-bounds Read
|
CVE-2015-8608
|
2024-11-21 11:38 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212039
|
5.9 |
MEDIUM
Network
|
ntp
|
ntp
|
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
|
NVD-CWE-Other
|
CVE-2015-8158
|
2024-11-21 11:38 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212040
|
4.8 |
MEDIUM
Network
|
ntp
|
ntp
|
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
|
CWE-284
Improper Access Control
|
CVE-2015-8140
|
2024-11-21 11:38 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
