|
277741
|
8.8 |
HIGH
Network
|
accentis
|
content_resource_management_system
|
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
|
CWE-89
SQL Injection
|
CVE-2015-3424
|
2024-11-21 11:29 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277742
|
7.5 |
HIGH
Network
|
module-signature_project
canonical
|
module-signature
ubuntu_linux
|
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2015-3406
|
2024-11-21 11:29 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277743
|
5.4 |
MEDIUM
Network
|
virtuemart
|
virtuemart
|
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors invol…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3619
|
2024-11-21 11:29 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277744
|
6.1 |
MEDIUM
Network
|
nagios
|
business_process_intelligence
|
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3618
|
2024-11-21 11:29 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277745
|
7.5 |
HIGH
Network
|
thecartpress
|
thecartpress_ecommerce_shopping_cart
|
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by …
|
CWE-284
Improper Access Control
|
CVE-2015-3302
|
2024-11-21 11:29 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277746
|
8.1 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.
|
CWE-89
SQL Injection
|
CVE-2015-3637
|
2024-11-21 11:29 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277747
|
4.3 |
MEDIUM
Network
|
zfsonlinux
|
zfs
|
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obta…
|
CWE-200
Information Exposure
|
CVE-2015-3400
|
2024-11-21 11:29 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277748
|
6.7 |
MEDIUM
Local
|
lenovo
|
fingerprint_manager
|
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3321
|
2024-11-21 11:29 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277749
|
7.8 |
HIGH
Local
|
usb-creator_project
|
usb-creator
|
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3643
|
2024-11-21 11:29 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277750
|
6.1 |
MEDIUM
Network
|
nodebb
|
nodebb
|
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3296
|
2024-11-21 11:29 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
