|
276751
|
7.5 |
HIGH
Network
|
easy2map
|
easy2map-photos
|
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.
|
CWE-22
Path Traversal
|
CVE-2015-4617
|
2024-11-21 11:31 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276752
|
9.8 |
CRITICAL
Network
|
easy2map
|
easy2map-photos
|
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
|
CWE-89
SQL Injection
|
CVE-2015-4615
|
2024-11-21 11:31 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276753
|
9.8 |
CRITICAL
Network
|
koha
|
koha
|
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL comman…
|
CWE-89
SQL Injection
|
CVE-2015-4633
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276754
|
7.5 |
HIGH
Network
|
koha
|
koha
|
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a…
|
CWE-22
Path Traversal
|
CVE-2015-4632
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276755
|
5.4 |
MEDIUM
Network
|
koha
|
koha
|
Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary we…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4631
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276756
|
8.0 |
HIGH
Network
|
koha
|
koha
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack t…
|
CWE-352
Origin Validation Error
|
CVE-2015-4630
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276757
|
9.8 |
CRITICAL
Network
|
broadcom
xceedium
|
privileged_access_manager
xsuite
|
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
|
CWE-20
Improper Input Validation
|
CVE-2015-4664
|
2024-11-21 11:31 |
2018-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276758
|
6.1 |
MEDIUM
Network
|
nextendweb
|
nextend_twitter_connect
|
Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4557
|
2024-11-21 11:31 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276759
|
4.6 |
MEDIUM
Physics
|
ring
|
ring_firmware
|
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the Gain…
|
CWE-255
Credentials Management
|
CVE-2015-4400
|
2024-11-21 11:31 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276760
|
6.5 |
MEDIUM
Network
|
efrontlearning
|
efront
|
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
|
CWE-22
Path Traversal
|
CVE-2015-4461
|
2024-11-21 11:31 |
2018-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
