Latest CVE Feed
- 5.5 MEDIUM CVE-2015-9267
  Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
  - Published: Oct. 01, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2015-9266
  The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulner...
  - Affected Products: airmax_ac_firmware airmax_m_xm_firmware airmax_m_xw_firmware airmax_m_ti_firmware airgateway_firmware airfiber_af24_firmware airfiber_af24hd_firmware af5x_firmware af5_firmware airos_4_xs2 +13 more products
  - Published: Sep. 05, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-9264
  Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
  - Affected Products: lansweeper
  - Published: Aug. 27, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-9263
  An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
  - Affected Products: uptime_infrastructure_monitor
  - Published: Aug. 27, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-9262
  _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
  - Published: Aug. 01, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2015-9261
  huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
  - Published: Jul. 26, 2018
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2015-9260
  An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
  - Affected Products: bedita
  - Published: Jul. 05, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-9259
  In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce upd...
  - Affected Products: notary
  - Published: Mar. 31, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2015-9258
  In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a m...
  - Affected Products: notary
  - Published: Mar. 31, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2015-9257
  BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS.
  - Affected Products: remedy_action_request_system
  - Published: Mar. 24, 2018
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2015-9256
  Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
  - Affected Products: alto_3_firmware alto_2_firmware alto_xl_firmware siris_3_firmware siris_2_firmware siris_3_x_all-flash_firmware siris_virtual_firmware alto_imaged_firmware alto_3 alto_2 +6 more products
  - Published: Feb. 20, 2018
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2015-9255
  Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.
  - Affected Products: alto_3_firmware alto_2_firmware alto_xl_firmware siris_3_firmware siris_2_firmware siris_3_x_all-flash_firmware siris_virtual_firmware alto_imaged_firmware alto_3 alto_2 +6 more products
  - Published: Feb. 20, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-9254
  Datto ALTO and SIRIS devices have a default VNC password.
  - Affected Products: alto_3_firmware alto_2_firmware alto_xl_firmware siris_3_firmware siris_2_firmware siris_3_x_all-flash_firmware siris_virtual_firmware alto_imaged_firmware alto_3 alto_2 +6 more products
  - Published: Feb. 20, 2018
  - Modified: Nov. 21, 2024
- 6.8 MEDIUM CVE-2015-9253
  An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) wit...
  - Affected Products: php
  - Published: Feb. 19, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2015-9252
  An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
  - Affected Products: qpdf
  - Published: Feb. 13, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2015-9251
  jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
  - Affected Products: webcenter_sites weblogic_server communications_webrtc_session_controller peoplesoft_enterprise_peopletools siebel_ui_framework primavera_unifier enterprise_manager_ops_center jd_edwards_enterpriseone_tools financial_services_data_integration_hub hospitality_guest_access +37 more products
  - Published: Jan. 18, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2015-9250
  An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.
  - Affected Products: skybox_platform
  - Published: Jan. 12, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-9249
  An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element.
  - Affected Products: skybox_platform
  - Published: Jan. 12, 2018
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2015-9248
  An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager.
  - Affected Products: skybox_platform
  - Published: Jan. 12, 2018
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2015-9247
  An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html.
  - Affected Products: skybox_platform
  - Published: Jan. 12, 2018
  - Modified: Nov. 21, 2024