|
277971
|
8.8 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.
|
CWE-20
Improper Input Validation
|
CVE-2015-3639
|
2024-11-21 11:29 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277972
|
8.8 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to …
|
CWE-94
Code Injection
|
CVE-2015-3638
|
2024-11-21 11:29 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277973
|
6.1 |
MEDIUM
Network
|
eshop_project
|
eshop
|
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3421
|
2024-11-21 11:29 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277974
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the …
|
CWE-22
Path Traversal
|
CVE-2015-3297
|
2024-11-21 11:29 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277975
|
5.5 |
MEDIUM
Local
|
google
|
android
|
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS"…
|
CWE-284
Improper Access Control
|
CVE-2015-3840
|
2024-11-21 11:29 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277976
|
7.8 |
HIGH
Local
|
redhat
|
automatic_bug_reporting_tool
|
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp…
|
CWE-59
Link Following
|
CVE-2015-3315
|
2024-11-21 11:29 |
2017-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277977
|
6.5 |
MEDIUM
Network
|
apache
|
thrift
|
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
|
CWE-20
Improper Input Validation
|
CVE-2015-3254
|
2024-11-21 11:29 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277978
|
7.5 |
HIGH
Network
|
slideshow_project
|
slideshow
|
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.
|
CWE-200
Information Exposure
|
CVE-2015-3634
|
2024-11-21 11:29 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277979
|
5.3 |
MEDIUM
Network
|
markdown-it_project
|
markdown-it
|
markdown-it before 4.1.0 does not block data: URLs.
|
CWE-284
Improper Access Control
|
CVE-2015-3295
|
2024-11-21 11:29 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277980
|
6.5 |
MEDIUM
Network
|
google
|
android
|
The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate…
|
CWE-20
Improper Input Validation
|
CVE-2015-3830
|
2024-11-21 11:29 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
