243801
|
4.3 |
MEDIUM
|
djangoproject
|
django
|
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2015-2241
|
2016-12-3 12:04 |
2015-03-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243802
|
6.5 |
MEDIUM
|
yoast
|
wordpress_seo
|
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remo…
|
CWE-89
SQLインジェクション
|
CVE-2015-2292
|
2016-12-3 12:04 |
2015-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243803
|
6.8 |
MEDIUM
|
sensiolabs
|
symfony
|
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP …
|
CWE-94
コード・インジェクション
|
CVE-2015-2308
|
2016-12-3 12:04 |
2015-06-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243804
|
6.4 |
MEDIUM
|
fortinet
|
fortios
|
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle att…
|
CWE-310
暗号の問題
|
CVE-2015-2323
|
2016-12-3 12:04 |
2015-08-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243805
|
4.3 |
MEDIUM
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2015-2332
|
2016-12-3 12:04 |
2015-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243806
|
4.3 |
MEDIUM
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2015-2333
|
2016-12-3 12:04 |
2015-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243807
|
6.8 |
MEDIUM
|
mybb
|
mybb
|
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified v…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2015-2334
|
2016-12-3 12:04 |
2015-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243808
|
5.0 |
MEDIUM
|
mybb
|
mybb
|
A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.
|
CWE-200
情報漏えい
|
CVE-2015-2335
|
2016-12-3 12:04 |
2015-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243809
|
2.1 |
LOW
|
apple
|
safari
|
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensi…
|
CWE-200
情報漏えい
|
CVE-2015-1127
|
2016-12-3 12:03 |
2015-04-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243810
|
6.8 |
MEDIUM
|
apple
|
iphone_os itunes safari
|
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
|
NVD-CWE-noinfo
|
CVE-2015-1152
|
2016-12-3 12:03 |
2015-05-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243811
|
6.8 |
MEDIUM
|
apple
|
itunes safari iphone_os
|
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
|
NVD-CWE-noinfo
|
CVE-2015-1153
|
2016-12-3 12:03 |
2015-05-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243812
|
5.0 |
MEDIUM
|
zlib
|
pigz
|
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
|
CWE-22
パス・トラバーサル
|
CVE-2015-1191
|
2016-12-3 12:03 |
2015-01-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243813
|
3.7 |
LOW
|
ibm
|
rational_requirements_composer rational_doors_next_generation
|
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with W…
|
NVD-CWE-Other
|
CVE-2015-0121
|
2016-12-3 12:02 |
2015-05-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243814
|
3.7 |
LOW
|
ibm
|
rational_requirements_composer rational_doors_next_generation
|
<a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613: Insufficient Session Expiration</a>
|
NVD-CWE-Other
|
CVE-2015-0121
|
2016-12-3 12:02 |
2015-05-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243815
|
3.5 |
LOW
|
ibm
|
rational_team_concert
|
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbit…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2015-0122
|
2016-12-3 12:02 |
2015-03-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243816
|
3.5 |
LOW
|
ibm
|
rational_team_concert
|
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbit…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2015-0123
|
2016-12-3 12:02 |
2015-03-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243817
|
3.5 |
LOW
|
ibm
|
rational_quality_manager
|
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arb…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2015-0124
|
2016-12-3 12:02 |
2015-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243818
|
3.5 |
LOW
|
ibm
|
rational_requirements_composer rational_doors_next_generation
|
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote auth…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2015-0125
|
2016-12-3 12:02 |
2015-03-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243819
|
7.5 |
HIGH
ネットワーク
cisco
|
unified_computing_system nx-os nx-os_1000v_switch
|
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload…
|
CWE-399
リソース管理の問題
|
CVE-2015-0718
|
2016-12-3 12:02 |
2016-03-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243820
|
7.5 |
HIGH
|
libreoffice fedoraproject canonical debian
|
libreoffice fedora ubuntu_linux debian_linux
|
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
|
CWE-20
不適切な入力確認
|
CVE-2014-9093
|
2016-12-3 12:02 |
2014-11-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243821
|
5.3 |
MEDIUM
ネットワーク
mantisbt
|
mantisbt
|
Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information…
|
CWE-200
情報漏えい
|
CVE-2014-9759
|
2016-12-3 12:02 |
2016-04-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243822
|
9.8 |
CRITICAL
ネットワーク
pixman canonical
|
pixman ubuntu_linux
|
Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code…
|
CWE-189
数値処理の問題
|
CVE-2014-9766
|
2016-12-3 12:02 |
2016-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243823
|
7.3 |
HIGH
ネットワーク
pcre
|
pcre
|
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly hav…
|
CWE-119
バッファエラー
|
CVE-2014-9769
|
2016-12-3 12:02 |
2016-03-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243824
|
4.6 |
MEDIUM
|
exim
|
exim
|
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
|
CWE-189
数値処理の問題
|
CVE-2014-2972
|
2016-12-3 12:01 |
2014-09-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243825
|
7.5 |
HIGH
|
ffmpeg
|
ffmpeg
|
libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write.
|
CWE-119
バッファエラー
|
CVE-2013-4263
|
2016-12-3 12:00 |
2013-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243826
|
4.3 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.
|
CWE-119
バッファエラー
|
CVE-2013-4264
|
2016-12-3 12:00 |
2013-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243827
|
10.0 |
HIGH
|
ffmpeg
|
ffmpeg
|
The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.
|
NVD-CWE-Other
|
CVE-2013-4265
|
2016-12-3 12:00 |
2013-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243828
|
10.0 |
HIGH
|
ffmpeg
|
ffmpeg
|
http://cwe.mitre.org/data/definitions/476.html
"CWE-476: NULL Pointer Dereference"
|
NVD-CWE-Other
|
CVE-2013-4265
|
2016-12-3 12:00 |
2013-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243829
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or po…
|
NVD-CWE-Other
|
CVE-2013-7008
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243830
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds…
|
CWE-119
バッファエラー
|
CVE-2013-7009
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243831
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array ac…
|
CWE-119
バッファエラー
|
CVE-2013-7011
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243832
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bound…
|
CWE-119
バッファエラー
|
CVE-2013-7012
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243833
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bound…
|
CWE-189
数値処理の問題
|
CVE-2013-7013
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243834
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bo…
|
CWE-20
不適切な入力確認
|
CVE-2013-7015
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243835
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array a…
|
CWE-119
バッファエラー
|
CVE-2013-7016
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243836
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.
|
NVD-CWE-Other
|
CVE-2013-7017
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243837
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
Per: http://cwe.mitre.org/data/definitions/476.html
"CWE-476: NULL Pointer Dereference"
|
NVD-CWE-Other
|
CVE-2013-7017
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243838
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or …
|
CWE-119
バッファエラー
|
CVE-2013-7018
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243839
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array …
|
CWE-20
不適切な入力確認
|
CVE-2013-7019
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243840
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double fr…
|
CWE-399
リソース管理の問題
|
CVE-2013-7021
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243841
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array …
|
CWE-119
バッファエラー
|
CVE-2013-7022
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243842
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of…
|
CWE-119
バッファエラー
|
CVE-2013-7023
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243843
|
6.8 |
MEDIUM
|
ffmpeg
|
ffmpeg
|
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of s…
|
CWE-119
バッファエラー
|
CVE-2013-7024
|
2016-12-3 12:00 |
2013-12-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243844
|
4.3 |
MEDIUM
|
cristian_gafton
|
pam_userdb
|
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
|
CWE-310
暗号の問題
|
CVE-2013-7041
|
2016-12-3 12:00 |
2014-05-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243845
|
6.5 |
MEDIUM
ネットワーク
|
canonical gtk
|
ubuntu_linux gtk\\\+
|
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, all…
|
NVD-CWE-Other
|
CVE-2013-7447
|
2016-12-3 12:00 |
2016-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243846
|
6.5 |
MEDIUM
ネットワーク
|
canonical gtk
|
ubuntu_linux gtk\\\+
|
<a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a>
|
NVD-CWE-Other
|
CVE-2013-7447
|
2016-12-3 12:00 |
2016-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243847
|
9.3 |
HIGH
|
flightgear simgear
|
flightgear simgear
|
Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a…
|
CWE-119
バッファエラー
|
CVE-2012-2091
|
2016-12-3 11:59 |
2012-06-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243848
|
6.1 |
MEDIUM
|
isc
|
dhcp
|
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote atta…
|
CWE-399
リソース管理の問題
|
CVE-2011-4868
|
2016-12-3 11:59 |
2012-01-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
243849
|
7.5 |
HIGH
ネットワーク
indasengineering
|
web_scada
|
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
パス・トラバーサル
|
CVE-2016-8343
|
2016-12-3 08:59 |
2016-10-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
243850
|
7.3 |
HIGH
ネットワーク
yandex
|
yandex_browser
|
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special Java…
|
CWE-254
セキュリティ機能
|
CVE-2016-8503
|
2016-12-3 08:59 |
2016-10-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|