|
277341
|
- |
|
montala
|
resourcespace
|
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.ph…
|
CWE-89
SQL Injection
|
CVE-2015-6915
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277342
|
- |
|
mindbite
|
sitefactory_cms
|
Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.
|
CWE-22
Path Traversal
|
CVE-2015-6914
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277343
|
- |
|
synology
|
download_station
|
Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2015-6913
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277344
|
- |
|
synology
|
video_station
|
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
|
CWE-77
Command Injection
|
CVE-2015-6912
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277345
|
- |
|
synology
|
video_station
|
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
|
CWE-89
SQL Injection
|
CVE-2015-6911
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277346
|
- |
|
synology
|
video_station
|
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
|
CWE-89
SQL Injection
|
CVE-2015-6910
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277347
|
- |
|
synology
|
download_station
|
Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6909
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277348
|
- |
|
openldap
apple
|
openldap
mac_os_x
|
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER dat…
|
CWE-20
Improper Input Validation
|
CVE-2015-6908
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277349
|
- |
|
siemens
|
ruggedcom_rugged_operating_system
|
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.
|
CWE-284
Improper Access Control
|
CVE-2015-6675
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277350
|
- |
|
moxa
|
eds-405a_firmware
eds-408a_firmware
|
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to i…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6466
|
2024-11-21 11:35 |
2015-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
