243751
|
4.4 |
MEDIUM
|
foxitsoftware
|
foxit_reader
|
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse p…
|
NVD-CWE-Other
|
CVE-2015-2789
|
2016-12-3 12:06 |
2015-03-30 |
|
|
243752
|
4.4 |
MEDIUM
|
foxitsoftware
|
foxit_reader
|
CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html)
|
NVD-CWE-Other
|
CVE-2015-2789
|
2016-12-3 12:06 |
2015-03-30 |
|
|
243753
|
4.3 |
MEDIUM
|
foxitsoftware
|
enterprise_reader foxit_reader phantompdf
|
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure o…
|
CWE-20
Improper Input Validation
|
CVE-2015-2790
|
2016-12-3 12:06 |
2015-03-30 |
|
|
243754
|
10.0 |
HIGH
|
airties
|
air_firmware
|
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execu…
|
CWE-119
Buffer Errors
|
CVE-2015-2797
|
2016-12-3 12:06 |
2015-06-19 |
|
|
243755
|
7.5 |
HIGH
|
hancom
|
hanword_viewer_2007 hanword_viewer_2010 hwp_2014 hwpviewer_2014
|
Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 20…
|
CWE-189
Numeric Errors
|
CVE-2015-2810
|
2016-12-3 12:06 |
2015-05-16 |
|
|
243756
|
6.5 |
MEDIUM
|
typo3
|
neos
|
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2821
|
2016-12-3 12:06 |
2015-04-1 |
|
|
243757
|
7.5 |
HIGH
|
simple_ads_manager_project
|
simple_ads_manager
|
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an…
|
NVD-CWE-Other
|
CVE-2015-2825
|
2016-12-3 12:06 |
2015-04-22 |
|
|
243758
|
7.5 |
HIGH
|
simple_ads_manager_project
|
simple_ads_manager
|
CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html)
|
NVD-CWE-Other
|
CVE-2015-2825
|
2016-12-3 12:06 |
2015-04-22 |
|
|
243759
|
7.2 |
HIGH
|
das_watchdog_project
|
das_watchdog
|
Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable.
|
CWE-119
Buffer Errors
|
CVE-2015-2831
|
2016-12-3 12:06 |
2015-04-15 |
|
|
243760
|
5.0 |
MEDIUM
|
citrix
|
netscaler
|
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-s…
|
CWE-284
Improper Access Control
|
CVE-2015-2841
|
2016-12-3 12:06 |
2015-04-3 |
|
|
243761
|
5.4 |
MEDIUM
Network
|
vmware
|
vrealize_automation
|
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-2344
|
2016-12-3 12:05 |
2016-03-16 |
|
|
243762
|
4.0 |
MEDIUM
|
huawei
|
seq_analyst
|
XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.
|
NVD-CWE-Other
|
CVE-2015-2346
|
2016-12-3 12:05 |
2015-05-19 |
|
|
243763
|
4.0 |
MEDIUM
|
huawei
|
seq_analyst
|
CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
|
NVD-CWE-Other
|
CVE-2015-2346
|
2016-12-3 12:05 |
2015-05-19 |
|
|
243764
|
7.5 |
HIGH
|
mybb
|
mybb
|
The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown…
|
NVD-CWE-noinfo
|
CVE-2015-2352
|
2016-12-3 12:05 |
2015-03-19 |
|
|
243765
|
7.5 |
HIGH
|
web-dorado
|
ecommerce_wd
|
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_categor…
|
CWE-89
SQL Injection
|
CVE-2015-2562
|
2016-12-3 12:05 |
2015-03-20 |
|
|
243766
|
2.1 |
LOW
|
oracle
|
health_sciences_applications
|
Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Insta…
|
NVD-CWE-noinfo
|
CVE-2015-2579
|
2016-12-3 12:05 |
2015-04-17 |
|
|
243767
|
7.2 |
HIGH
|
gns3
|
gns3
|
Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.
|
NVD-CWE-Other
|
CVE-2015-2667
|
2016-12-3 12:05 |
2015-05-19 |
|
|
243768
|
7.2 |
HIGH
|
gns3
|
gns3
|
CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html)
|
NVD-CWE-Other
|
CVE-2015-2667
|
2016-12-3 12:05 |
2015-05-19 |
|
|
243769
|
6.8 |
MEDIUM
|
asus
|
rt-g32_firmware
|
Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that c…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-2676
|
2016-12-3 12:05 |
2015-03-24 |
|
|
243770
|
4.3 |
MEDIUM
|
genixcms
|
genixcms
|
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page …
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-2678
|
2016-12-3 12:05 |
2015-03-24 |
|
|
243771
|
7.5 |
HIGH
|
genixcms
|
genixcms
|
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter t…
|
CWE-89
SQL Injection
|
CVE-2015-2679
|
2016-12-3 12:05 |
2015-03-24 |
|
|
243772
|
6.8 |
MEDIUM
|
metalgenix
|
genixcms
|
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator accou…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-2680
|
2016-12-3 12:05 |
2015-03-24 |
|
|
243773
|
4.3 |
MEDIUM
|
asus
|
rt-g32_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-2681
|
2016-12-3 12:05 |
2015-03-24 |
|
|
243774
|
4.0 |
MEDIUM
|
shibboleth debian
|
service_provider debian_linux
|
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.
|
CWE-20
Improper Input Validation
|
CVE-2015-2684
|
2016-12-3 12:05 |
2015-03-31 |
|
|
243775
|
6.8 |
MEDIUM
|
cs-cart
|
cs-cart
|
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-updat…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-2701
|
2016-12-3 12:05 |
2015-03-25 |
|
|
243776
|
5.0 |
MEDIUM
|
realmd_project
|
realmd
|
realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response.
|
CWE-74
Injection
|
CVE-2015-2704
|
2016-12-3 12:05 |
2015-05-19 |
|
|
243777
|
6.8 |
MEDIUM
|
debian gaia-gis
|
debian_linux freexl
|
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.
|
CWE-20
Improper Input Validation
|
CVE-2015-2753
|
2016-12-3 12:05 |
2015-03-31 |
|
|
243778
|
4.0 |
MEDIUM
|
mcafee
|
data_loss_prevention_endpoint
|
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corr…
|
CWE-399
Resource Management Errors
|
CVE-2015-2757
|
2016-12-3 12:05 |
2015-03-27 |
|
|
243779
|
6.5 |
MEDIUM
|
mcafee
|
data_loss_prevention_endpoint
|
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or po…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2758
|
2016-12-3 12:05 |
2015-03-27 |
|
|
243780
|
6.8 |
MEDIUM
|
mcafee
|
data_loss_prevention_endpoint
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijac…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2015-2759
|
2016-12-3 12:05 |
2015-03-27 |
|
|
243781
|
2.7 |
LOW
|
hp
|
capture_and_route_software
|
Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information …
|
NVD-CWE-noinfo
|
CVE-2015-2115
|
2016-12-3 12:04 |
2015-04-28 |
|
|
243782
|
9.0 |
HIGH
|
hp
|
storage_data_protector
|
Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2015-2116
|
2016-12-3 12:04 |
2015-04-27 |
|
|
243783
|
7.5 |
HIGH
|
hp
|
tippingpoint_security_management_system tippingpoint_virtual_security_management_system
|
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI reque…
|
CWE-287
Improper Authentication
|
CVE-2015-2117
|
2016-12-3 12:04 |
2015-04-27 |
|
|
243784
|
7.8 |
HIGH
|
hp
|
network_virtualization
|
HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEdi…
|
CWE-200
Information Exposure
|
CVE-2015-2121
|
2016-12-3 12:04 |
2015-05-26 |
|
|
243785
|
7.8 |
HIGH
|
hp
|
sdn_van_controller
|
The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port.
|
CWE-399
Resource Management Errors
|
CVE-2015-2122
|
2016-12-3 12:04 |
2015-05-25 |
|
|
243786
|
9.0 |
HIGH
|
hp
|
nonstop_safeguard_security
|
Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access.
|
NVD-CWE-noinfo
|
CVE-2015-2123
|
2016-12-3 12:04 |
2015-05-26 |
|
|
243787
|
7.2 |
HIGH
|
hp
|
smart_zero_core thinpro_linux
|
Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via un…
|
NVD-CWE-noinfo
|
CVE-2015-2124
|
2016-12-3 12:04 |
2015-06-5 |
|
|
243788
|
5.0 |
MEDIUM
|
ericsson
|
drutt_mobile_service_delivery_platform
|
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot en…
|
CWE-22
Path Traversal
|
CVE-2015-2166
|
2016-12-3 12:04 |
2015-04-7 |
|
|
243789
|
5.8 |
MEDIUM
|
ericsson
|
drutt_mobile_service_delivery_platform
|
Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phish…
|
NVD-CWE-Other
|
CVE-2015-2167
|
2016-12-3 12:04 |
2015-04-7 |
|
|
243790
|
5.8 |
MEDIUM
|
ericsson
|
drutt_mobile_service_delivery_platform
|
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html)
|
NVD-CWE-Other
|
CVE-2015-2167
|
2016-12-3 12:04 |
2015-04-7 |
|
|
243791
|
4.3 |
MEDIUM
|
zohocorp
|
manageengine_assetexplorer
|
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which …
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-2169
|
2016-12-3 12:04 |
2015-06-24 |
|
|
243792
|
7.5 |
HIGH
|
slimframework
|
slim
|
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.
|
CWE-94
Code Injection
|
CVE-2015-2171
|
2016-12-3 12:04 |
2015-03-30 |
|
|
243793
|
6.5 |
MEDIUM
|
digitalnature
|
fusion
|
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for WordPress allows remote authenticated users to execute arbitrary code by uploading a…
|
NVD-CWE-Other
|
CVE-2015-2194
|
2016-12-3 12:04 |
2015-03-4 |
|
|
243794
|
6.5 |
MEDIUM
|
digitalnature
|
fusion
|
CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html)
|
NVD-CWE-Other
|
CVE-2015-2194
|
2016-12-3 12:04 |
2015-03-4 |
|
|
243795
|
5.0 |
MEDIUM
|
dlguard
|
dlguard
|
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.
|
CWE-200
Information Exposure
|
CVE-2015-2209
|
2016-12-3 12:04 |
2015-03-5 |
|
|
243796
|
5.0 |
MEDIUM
|
netcat
|
netcat
|
NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php.
|
CWE-200
Information Exposure
|
CVE-2015-2214
|
2016-12-3 12:04 |
2015-03-6 |
|
|
243797
|
7.5 |
HIGH
|
photocati_media
|
photocrati
|
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-2216
|
2016-12-3 12:04 |
2015-03-6 |
|
|
243798
|
4.3 |
MEDIUM
|
magic_hills
|
wonderplugin_audio_player
|
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers …
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-2218
|
2016-12-3 12:04 |
2015-03-6 |
|
|
243799
|
7.2 |
HIGH
|
lenovo
|
system_update
|
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2219
|
2016-12-3 12:04 |
2015-05-13 |
|
|
243800
|
8.3 |
HIGH
|
lenovo
|
system_update
|
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and ex…
|
CWE-310
Cryptographic Issues
|
CVE-2015-2233
|
2016-12-3 12:04 |
2015-05-13 |
|
|