|
211671
|
9.8 |
CRITICAL
Network
|
gosa_project
|
gosa_plugin
|
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
|
CWE-94
Code Injection
|
CVE-2015-8771
|
2024-11-21 11:39 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211672
|
9.8 |
CRITICAL
Network
|
click_project
canonical
|
click
ubuntu_linux
|
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8768
|
2024-11-21 11:39 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211673
|
6.5 |
MEDIUM
Network
|
libdwarf_project
|
libdwarf
|
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-8750
|
2024-11-21 11:39 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211674
|
6.1 |
MEDIUM
Network
|
squidguard
|
squidguard
|
Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8936
|
2024-11-21 11:39 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211675
|
8.8 |
HIGH
Network
|
dotclear
|
dotclear
|
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries…
|
CWE-284
Improper Access Control
|
CVE-2015-8832
|
2024-11-21 11:39 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211676
|
6.1 |
MEDIUM
Network
|
dotclear
|
dotclear
|
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8831
|
2024-11-21 11:39 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211677
|
7.5 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2015-8977
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211678
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8976
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211679
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inj…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8975
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211680
|
10.0 |
CRITICAL
Network
|
mybb
|
mybb
merge_system
|
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remo…
|
CWE-89
SQL Injection
|
CVE-2015-8974
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
