|
212601
|
- |
|
sap
|
hana
|
The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Logi…
|
CWE-20
Improper Input Validation
|
CVE-2015-7993
|
2024-11-21 11:37 |
2015-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212602
|
- |
|
sap
|
hana
|
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RUL…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-7992
|
2024-11-21 11:37 |
2015-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212603
|
- |
|
sap
|
hana
|
The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vector…
|
CWE-200
Information Exposure
|
CVE-2015-7991
|
2024-11-21 11:37 |
2015-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212604
|
- |
|
sap
|
hana
|
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopyd…
|
CWE-20
Improper Input Validation
|
CVE-2015-7828
|
2024-11-21 11:37 |
2015-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212605
|
- |
|
echo_project
|
echo
|
The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demon…
|
CWE-200
Information Exposure
|
CVE-2015-8007
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212606
|
- |
|
pagetriage_project
|
pagetriage
|
Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8006
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212607
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading…
|
CWE-200
Information Exposure
|
CVE-2015-8005
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212608
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8004
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212609
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.
|
CWE-399
Resource Management Errors
|
CVE-2015-8003
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212610
|
- |
|
mediawiki
|
mediawiki
|
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a …
|
CWE-399
Resource Management Errors
|
CVE-2015-8002
|
2024-11-21 11:37 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
