CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
Source: CVE-2015-5705
CVE-2015-5186
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
Source: CVE-2015-5186
CVE-2015-5947
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
Source: CVE-2015-5947
CVE-2015-0853
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).
Source: CVE-2015-0853
CVE-2015-7241
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
Source: CVE-2015-7241
CVE-2015-5959
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
Source: CVE-2015-5959
CVE-2015-7225
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user’s login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.
Source: CVE-2015-7225
CVE-2015-3161
The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON.
Source: CVE-2015-3161
CVE-2015-2210
The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting JavaScript into the window source to create a button that spawns a command shell.
Source: CVE-2015-2210
CVE-2015-3160
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server’s file system.
Source: CVE-2015-3160