SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. Date published : 2015-10-29 http://www.securityfocus.com/bid/77295 http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when...
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. Date published : 2015-10-29 http://www.securityfocus.com/bid/77295 http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet...
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. Date published : 2015-10-29...
Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. Date published : 2015-10-29 http://www.tpj.co.jp/enisys/resource.html http://jvn.jp/en/jp/JVN68289108/index.html
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-10-29 http://www.tpj.co.jp/enisys/resource.html http://jvn.jp/en/jp/JVN13874649/index.html
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. Date published : 2015-10-29 http://www.tpj.co.jp/enisys/resource.html http://jvn.jp/en/jp/JVN33179297/index.html
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2015-10-29 http://www.tpj.co.jp/enisys/resource.html http://jvn.jp/en/jp/JVN58615092/index.html
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a...
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. Date published : 2015-10-29 https://kallithea-scm.org/security/cve-2015-5285.html https://www.exploit-db.com/exploits/38424/
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash)...
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. Date published : 2015-10-29 http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694 http://www-01.ibm.com/support/docview.wss?uid=swg21968474
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash)...