243701
|
9.3 |
HIGH
|
bittorrent
|
sync
|
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.
|
CWE-77
Command Injection
|
CVE-2015-2846
|
2016-12-3 12:07 |
2015-04-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243702
|
6.8 |
MEDIUM
|
synology
|
cloud_station
|
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by spec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2851
|
2016-12-3 12:07 |
2015-05-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243703
|
4.3 |
MEDIUM
|
blue_coat
|
ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv800_firmware
|
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-2852
|
2016-12-3 12:07 |
2015-05-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243704
|
6.8 |
MEDIUM
|
blue_coat
|
ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv800_firmware
|
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web se…
|
NVD-CWE-Other
|
CVE-2015-2853
|
2016-12-3 12:07 |
2015-05-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243705
|
6.8 |
MEDIUM
|
blue_coat
|
ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv800_firmware
|
CWE-384: Session Fixation (http://cwe.mitre.org/data/definitions/384.html)
|
NVD-CWE-Other
|
CVE-2015-2853
|
2016-12-3 12:07 |
2015-05-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243706
|
4.3 |
MEDIUM
|
blue_coat
|
ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv2800_firmware ssl_visibility_appliance_sv3800_firmware
|
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remo…
|
CWE-20
Improper Input Validation
|
CVE-2015-2854
|
2016-12-3 12:07 |
2015-05-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243707
|
4.3 |
MEDIUM
|
blue_coat
|
ssl_visibility_appliance_sv800_firmware ssl_visibility_appliance_sv1800_firmware ssl_visibility_appliance_sv3800_firmware ssl_visibility_appliance_sv2800_firmware
|
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https se…
|
CWE-200
Information Disclosure
|
CVE-2015-2855
|
2016-12-3 12:07 |
2015-05-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243708
|
5.8 |
MEDIUM
|
mcafee
|
epolicy_orchestrator
|
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows m…
|
CWE-310
Cryptographic Issues
|
CVE-2015-2859
|
2016-12-3 12:07 |
2015-06-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243709
|
7.8 |
HIGH
|
avigilon
|
avigilon_control_center
|
Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL.
|
CWE-22
Path Traversal
|
CVE-2015-2860
|
2016-12-3 12:07 |
2015-06-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243710
|
6.8 |
MEDIUM
|
vestacp
|
vesta_control_panel
|
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-2861
|
2016-12-3 12:07 |
2015-06-18 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243711
|
6.8 |
MEDIUM
|
ocf
|
sxf_common_library
|
Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows remote attackers to execute arbitrary code via a crafted CAD file.
|
CWE-119
Buffer Errors
|
CVE-2015-2946
|
2016-12-3 12:07 |
2015-05-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243712
|
4.3 |
MEDIUM
|
zenphoto
|
zenphoto
|
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2948
|
2016-12-3 12:07 |
2015-06-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243713
|
4.3 |
MEDIUM
|
zenphoto
|
zenphoto
|
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2949
|
2016-12-3 12:07 |
2015-06-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243714
|
6.4 |
MEDIUM
|
open_explorer_beta_project
|
open_explorer_beta
|
Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename.
|
CWE-22
Path Traversal
|
CVE-2015-2950
|
2016-12-3 12:07 |
2015-06-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243715
|
5.0 |
MEDIUM
|
f21
|
jwt
|
JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.
|
CWE-20
Improper Input Validation
|
CVE-2015-2951
|
2016-12-3 12:07 |
2015-06-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243716
|
6.5 |
MEDIUM
|
igreks
|
milkystep_light milkystep_professional milkystep_professional_oem
|
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and…
|
CWE-284
Improper Access Control
|
CVE-2015-2952
|
2016-12-3 12:07 |
2015-06-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243717
|
5.0 |
MEDIUM
|
igreks
|
milkystep_light milkystep_professional milkystep_professional_oem
|
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerabil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2953
|
2016-12-3 12:07 |
2015-06-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243718
|
6.8 |
MEDIUM
|
igreks
|
milkystep_light milkystep_professional milkystep_professional_oem
|
Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-2954
|
2016-12-3 12:07 |
2015-06-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243719
|
7.5 |
HIGH
|
igreks
|
milkystep_light milkystep_professional milkystep_professional_oem
|
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command Injection
|
CVE-2015-2955
|
2016-12-3 12:07 |
2015-06-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243720
|
7.5 |
HIGH
|
igreks
|
milkystep_light milkystep_professional milkystep_professional_oem
|
SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-2956
|
2016-12-3 12:07 |
2015-06-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243721
|
4.3 |
MEDIUM
|
igreks
|
milkystep_light milkystep_professional milkystep_professional_oem
|
Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified ve…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2957
|
2016-12-3 12:07 |
2015-06-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243722
|
6.4 |
MEDIUM
|
igreks
|
milkystep_light milkystep_professional milkystep_professional_oem
|
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulne…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2958
|
2016-12-3 12:07 |
2015-06-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243723
|
7.5 |
HIGH
|
cgi_rescue
|
blobee
|
CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2015-2962
|
2016-12-3 12:07 |
2015-06-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243724
|
4.3 |
MEDIUM
|
thoughtbot
|
paperclip
|
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2963
|
2016-12-3 12:07 |
2015-07-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243725
|
5.0 |
MEDIUM
|
namshi
|
namshi/jose
|
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header.
|
CWE-20
Improper Input Validation
|
CVE-2015-2964
|
2016-12-3 12:07 |
2015-07-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243726
|
4.0 |
MEDIUM
|
oscommerce
|
oscommerce
|
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2015-2965
|
2016-12-3 12:07 |
2015-06-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243727
|
6.9 |
MEDIUM
|
juniper
|
junos
|
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconn…
|
CWE-17
Code
|
CVE-2015-3002
|
2016-12-3 12:07 |
2015-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243728
|
7.2 |
HIGH
|
juniper
|
junos
|
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 1…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3003
|
2016-12-3 12:07 |
2015-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243729
|
4.3 |
MEDIUM
|
juniper
|
junos
|
J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.…
|
CWE-20
Improper Input Validation
|
CVE-2015-3004
|
2016-12-3 12:07 |
2015-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243730
|
4.3 |
MEDIUM
|
juniper
|
junos
|
Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX …
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-3005
|
2016-12-3 12:07 |
2015-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243731
|
2.1 |
LOW
|
ceph
|
ceph-deploy
|
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
|
CWE-200
Information Disclosure
|
CVE-2015-3010
|
2016-12-3 12:07 |
2015-06-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243732
|
3.5 |
LOW
|
owncloud debian
|
owncloud debian_linux
|
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated u…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-3011
|
2016-12-3 12:07 |
2015-05-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243733
|
5.0 |
MEDIUM
|
apple
|
xcode
|
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3027
|
2016-12-3 12:07 |
2015-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243734
|
3.5 |
LOW
|
mcafee
|
data_loss_prevention_endpoint
|
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbit…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2760
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243735
|
4.3 |
MEDIUM
|
websense
|
triton_ap_web
|
Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unsp…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2761
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243736
|
5.0 |
MEDIUM
|
websense
|
triton_ap_web
|
Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication.
|
CWE-200
Information Disclosure
|
CVE-2015-2762
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243737
|
10.0 |
HIGH
|
websense
|
triton_ap_email
|
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703.
|
NVD-CWE-noinfo
|
CVE-2015-2763
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243738
|
4.3 |
MEDIUM
|
websense
|
triton_ap_data
|
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2764
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243739
|
4.3 |
MEDIUM
|
websense
|
triton_ap_email
|
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2015-2765
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243740
|
5.0 |
MEDIUM
|
websense
|
triton_ap_email
|
The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack.
|
CWE-255
Certificate and Password Management
|
CVE-2015-2766
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243741
|
10.0 |
HIGH
|
websense
|
triton_ap_email
|
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."
|
NVD-CWE-noinfo
|
CVE-2015-2767
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243742
|
4.3 |
MEDIUM
|
websense
|
triton_ap_email v-series_appliances
|
Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2015-2768
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243743
|
5.0 |
MEDIUM
|
websense
|
triton_ap_email v-series_appliances
|
The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Disclosure
|
CVE-2015-2771
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243744
|
7.5 |
HIGH
|
websense
|
v-series_appliances
|
SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-2772
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243745
|
5.0 |
MEDIUM
|
websense
|
v-series_appliances
|
SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-2773
|
2016-12-3 12:06 |
2015-03-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243746
|
4.3 |
MEDIUM
|
debian gaia-gis
|
debian_linux freexl
|
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
|
CWE-20
Improper Input Validation
|
CVE-2015-2776
|
2016-12-3 12:06 |
2015-03-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243747
|
5.0 |
MEDIUM
|
quassel-irc
|
quassel
|
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte c…
|
CWE-399
Resource Management Issues
|
CVE-2015-2778
|
2016-12-3 12:06 |
2015-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243748
|
5.0 |
MEDIUM
|
quassel-irc
|
quassel
|
Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted message.
|
CWE-399
Resource Management Issues
|
CVE-2015-2779
|
2016-12-3 12:06 |
2015-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243749
|
10.0 |
HIGH
|
mybb
|
mybb
|
Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."
|
NVD-CWE-noinfo
|
CVE-2015-2786
|
2016-12-3 12:06 |
2015-03-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
243750
|
10.0 |
HIGH
|
debian
|
debian_linux dbd-firebird
|
Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an erro…
|
CWE-119
Buffer Errors
|
CVE-2015-2788
|
2016-12-3 12:06 |
2015-04-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|