243201
|
6.9 |
MEDIUM
|
redhat
|
automatic_bug_reporting_tool enterprise_linux_desktop enterprise_linux_hpc_node enterprise_linux_server enterprise_linux_workstation
|
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable na…
|
CWE-59
Link Resolution Issue
|
CVE-2015-5287
|
2016-12-8 03:16 |
2015-12-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243202
|
5.5 |
MEDIUM
|
ipsilon_project
|
ipsilon
|
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cau…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5301
|
2016-12-8 03:16 |
2015-11-18 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243203
|
5.0 |
MEDIUM
|
powerdns
|
authoritative
|
PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.
|
CWE-20
Improper Input Validation
|
CVE-2015-5311
|
2016-12-8 03:16 |
2015-11-18 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243204
|
3.5 |
LOW
|
zurmo
|
zurmo_crm
|
Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-5365
|
2016-12-8 03:16 |
2015-07-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243205
|
6.8 |
MEDIUM
|
joomla
|
joomla\!
|
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upl…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-5397
|
2016-12-8 03:16 |
2015-07-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243206
|
8.8 |
HIGH
Network
|
hp
|
storeonce_backup_system_software
|
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown …
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-5445
|
2016-12-8 03:16 |
2016-01-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243207
|
7.5 |
HIGH
Adjacent
|
hp
|
storeonce_backup_system_software
|
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-5446
|
2016-12-8 03:16 |
2016-01-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243208
|
5.4 |
MEDIUM
Network
|
hp
|
storeonce_backup_system_software
|
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-5447
|
2016-12-8 03:16 |
2016-01-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243209
|
6.8 |
MEDIUM
|
hp
|
operations_orchestration
|
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown ve…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-5451
|
2016-12-8 03:16 |
2015-11-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243210
|
6.5 |
MEDIUM
|
zohocorp
|
manageengine_password_manager_pro
|
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary…
|
CWE-89
SQL Injection
|
CVE-2015-5459
|
2016-12-8 03:16 |
2015-07-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243211
|
6.4 |
MEDIUM
|
stageshow_project
|
stageshow
|
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and …
|
NVD-CWE-Other
|
CVE-2015-5461
|
2016-12-8 03:16 |
2015-07-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243212
|
6.4 |
MEDIUM
|
stageshow_project
|
stageshow
|
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html)
|
NVD-CWE-Other
|
CVE-2015-5461
|
2016-12-8 03:16 |
2015-07-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243213
|
7.5 |
HIGH
|
novalnet
|
novalnet_payment_module_ubercart-
|
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-5504
|
2016-12-8 03:16 |
2015-08-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243214
|
5.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF …
|
NVD-CWE-noinfo
|
CVE-2015-4909
|
2016-12-8 03:15 |
2015-10-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243215
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via vectors related to SSO Engine.
|
NVD-CWE-noinfo
|
CVE-2015-4912
|
2016-12-8 03:15 |
2015-10-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243216
|
6.8 |
MEDIUM
|
oracle
|
jd_edwards_products
|
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via …
|
NVD-CWE-noinfo
|
CVE-2015-4919
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243217
|
2.1 |
LOW
|
oracle
|
solaris
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup Service.
|
NVD-CWE-noinfo
|
CVE-2015-4920
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243218
|
2.1 |
LOW
|
oracle
|
solaris
|
Per Oracle: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Syste…
|
NVD-CWE-noinfo
|
CVE-2015-4920
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243219
|
4.0 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2015-4921
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243220
|
2.1 |
LOW
|
oracle
|
solaris
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot.
|
NVD-CWE-noinfo
|
CVE-2015-4922
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243221
|
2.1 |
LOW
|
oracle
|
solaris
|
Per Oracle: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the Critical Patch Update January 2015 Patch Availability Document for Oracle Sun Syste…
|
NVD-CWE-noinfo
|
CVE-2015-4922
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243222
|
4.0 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown ve…
|
NVD-CWE-noinfo
|
CVE-2015-4923
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243223
|
3.5 |
LOW
|
oracle
|
supply_chain_products_suite
|
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors …
|
NVD-CWE-noinfo
|
CVE-2015-4924
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243224
|
6.5 |
MEDIUM
|
oracle
|
database_server
|
Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown ve…
|
NVD-CWE-noinfo
|
CVE-2015-4925
|
2016-12-8 03:15 |
2016-01-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243225
|
7.2 |
HIGH
|
ibm
|
tivoli_storage_manager
|
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4927
|
2016-12-8 03:15 |
2015-11-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243226
|
4.3 |
MEDIUM
|
apache
|
ambari
|
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive infor…
|
CWE-200
Information Exposure
|
CVE-2015-4928
|
2016-12-8 03:15 |
2015-11-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243227
|
4.3 |
MEDIUM
|
apache
|
ambari
|
Per http://www-01.ibm.com/support/docview.wss?uid=swg21969202 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N states that this is a network attack and not local
|
CWE-200
Information Exposure
|
CVE-2015-4928
|
2016-12-8 03:15 |
2015-11-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243228
|
2.1 |
LOW
|
apache
|
ambari
|
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information…
|
CWE-200
Information Exposure
|
CVE-2015-4940
|
2016-12-8 03:15 |
2015-11-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243229
|
5.3 |
MEDIUM
Network
ibm
|
websphere_mq_light
|
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
|
CWE-17
Code
|
CVE-2015-4941
|
2016-12-8 03:15 |
2016-01-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
243230
|
5.3 |
MEDIUM
Network
ibm
|
websphere_mq_light
|
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20…
|
CWE-399
Resource Management Errors
|
CVE-2015-4942
|
2016-12-8 03:15 |
2016-01-18 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
243231
|
5.3 |
MEDIUM
Network
ibm
|
websphere_mq_light
|
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20…
|
CWE-17
Code
|
CVE-2015-4943
|
2016-12-8 03:15 |
2016-01-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
243232
|
5.3 |
MEDIUM
Network
ibm
|
tivoli_storage_manager
|
Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to ca…
|
CWE-20
Improper Input Validation
|
CVE-2015-4951
|
2016-12-8 03:15 |
2016-01-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
243233
|
6.1 |
MEDIUM
Network
|
ibm
|
tivoli_federated_identity_manager
|
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-4959
|
2016-12-8 03:15 |
2016-01-18 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243234
|
7.5 |
HIGH
|
ibm
|
security_access_manager_for_web
|
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via un…
|
CWE-17
Code
|
CVE-2015-4963
|
2016-12-8 03:15 |
2015-11-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243235
|
5.1 |
MEDIUM
Local
|
ibm
|
rational_clearquest
|
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-4996
|
2016-12-8 03:15 |
2016-01-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243236
|
6.8 |
MEDIUM
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4997
|
2016-12-8 03:15 |
2015-10-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243237
|
4.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain…
|
CWE-200
Information Exposure
|
CVE-2015-5004
|
2016-12-8 03:15 |
2015-12-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243238
|
5.0 |
MEDIUM
|
ibm
|
websphere_commerce_enterprise
|
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL.
|
CWE-200
Information Exposure
|
CVE-2015-5015
|
2016-12-8 03:15 |
2015-11-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243239
|
8.0 |
HIGH
Network
|
ibm
|
security_access_manager_9.0_firmware security_access_manager_for_web_7.0_firmware security_access_manager_for_web_8.0_firmware
|
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS command…
|
CWE-78
OS Command Injection
|
CVE-2015-5018
|
2016-12-8 03:15 |
2016-01-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243240
|
4.3 |
MEDIUM
Network
|
ibm
|
infosphere_biginsights
|
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecifi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5020
|
2016-12-8 03:15 |
2016-01-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243241
|
5.5 |
MEDIUM
|
ibm
|
infosphere_information_server
|
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5021
|
2016-12-8 03:15 |
2015-11-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243242
|
3.5 |
LOW
|
zohocorp
|
manageengine_assetexplorer
|
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-5061
|
2016-12-8 03:15 |
2015-06-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243243
|
6.5 |
MEDIUM
|
limesurvey
|
limesurvey
|
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the close…
|
CWE-89
SQL Injection
|
CVE-2015-5078
|
2016-12-8 03:15 |
2015-06-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243244
|
9.0 |
HIGH
|
citrix
|
netscaler_application_delivery_controller_firmware netscaler_gateway_firmware
|
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remo…
|
CWE-77
Command Injection
|
CVE-2015-5080
|
2016-12-8 03:15 |
2015-07-16 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243245
|
5.5 |
MEDIUM
|
zohocorp
|
manageengine_supportcenter_plus
|
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Reque…
|
CWE-22
Path Traversal
|
CVE-2015-5149
|
2016-12-8 03:15 |
2015-06-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243246
|
3.3 |
LOW
|
gnu
|
glibc
|
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local u…
|
CWE-16
Configuration
|
CVE-2011-1089
|
2016-12-8 03:15 |
2011-04-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243247
|
4.3 |
MEDIUM
|
audiosharescript
|
audioshare
|
Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-4725
|
2016-12-8 03:14 |
2015-06-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243248
|
7.5 |
HIGH
|
audiosharescript
|
audioshare
|
PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter.
|
CWE-94
Code Injection
|
CVE-2015-4726
|
2016-12-8 03:14 |
2015-06-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243249
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related…
|
NVD-CWE-noinfo
|
CVE-2015-4799
|
2016-12-8 03:14 |
2015-10-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243250
|
1.5 |
LOW
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In…
|
NVD-CWE-noinfo
|
CVE-2015-4809
|
2016-12-8 03:14 |
2015-10-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|