|
272531
|
- |
|
adminsystems_cms_project
|
adminsystems_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id pa…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1603
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272532
|
- |
|
debian
sixapart
|
debian_linux
movable_type
|
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and …
|
CWE-74
Injection
|
CVE-2015-1592
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272533
|
- |
|
maarch
|
letterbox
gec\/ged
|
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file w…
|
NVD-CWE-Other
|
CVE-2015-1587
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272534
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creat…
|
CWE-352
Origin Validation Error
|
CVE-2015-1585
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272535
|
- |
|
softsphere
|
defensewall_personal_firewall
|
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x002…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1515
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272536
|
- |
|
isc
|
bind
|
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of servic…
|
CWE-399
Resource Management Errors
|
CVE-2015-1349
|
2024-11-21 11:25 |
2015-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272537
|
- |
|
siemens
|
wincc
|
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime f…
|
CWE-310
Cryptographic Issues
|
CVE-2015-1358
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272538
|
- |
|
siemens
|
simatic_step_7
|
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1356
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272539
|
- |
|
siemens
|
simatic_step_7
|
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting …
|
CWE-310
Cryptographic Issues
|
CVE-2015-1355
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272540
|
- |
|
webform_prepopulate_block_project
|
webform_prepopulate_block
|
Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vec…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1621
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
