|
276651
|
6.1 |
MEDIUM
Local
|
tug
|
texlive
|
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of…
|
CWE-59
Link Following
|
CVE-2015-5701
|
2024-11-21 11:33 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276652
|
6.1 |
MEDIUM
Local
|
tug
|
texlive
|
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
|
CWE-59
Link Following
|
CVE-2015-5700
|
2024-11-21 11:33 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276653
|
5.9 |
MEDIUM
Network
|
elasticsearch
elastic
|
logstash
|
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obt…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-5619
|
2024-11-21 11:33 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276654
|
6.1 |
MEDIUM
Network
|
zenphoto
|
zenphoto
|
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5594
|
2024-11-21 11:33 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276655
|
9.8 |
CRITICAL
Network
|
samsung
|
syncthru_6
|
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addD…
|
CWE-22
Path Traversal
|
CVE-2015-5473
|
2024-11-21 11:33 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276656
|
7.5 |
HIGH
Network
|
powerplay_gallery_project
|
powerplay_gallery
|
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5682
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276657
|
9.1 |
CRITICAL
Network
|
image-export_project
|
image-export
|
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.
|
CWE-22
Path Traversal
|
CVE-2015-5609
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276658
|
7.5 |
HIGH
Network
|
mdc_youtube_downloader_project
|
mdc_youtube_downloader
|
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/do…
|
CWE-22
Path Traversal
|
CVE-2015-5469
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276659
|
7.5 |
HIGH
Network
|
wpshopstyling
|
wp_e-commerce_shop_styling
|
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to inc…
|
CWE-22
Path Traversal
|
CVE-2015-5468
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276660
|
7.5 |
HIGH
Network
|
hp
|
integrated_lights-out_firmware
|
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotel…
|
NVD-CWE-noinfo
|
CVE-2015-5436
|
2024-11-21 11:33 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
