|
271971
|
- |
|
projectsend
|
projectsend
|
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
|
CWE-89
SQL Injection
|
CVE-2015-2564
|
2024-11-21 11:27 |
2015-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271972
|
- |
|
vastal
|
phpvid
|
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector…
|
CWE-89
SQL Injection
|
CVE-2015-2563
|
2024-11-21 11:27 |
2015-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271973
|
- |
|
web-dorado
|
ecommerce_wd
|
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_categor…
|
CWE-89
SQL Injection
|
CVE-2015-2562
|
2024-11-21 11:27 |
2015-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271974
|
- |
|
mybb
|
mybb
|
The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown…
|
NVD-CWE-noinfo
|
CVE-2015-2352
|
2024-11-21 11:27 |
2015-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271975
|
- |
|
alkacon
|
opencms
|
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2351
|
2024-11-21 11:27 |
2015-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271976
|
- |
|
mikrotik
|
routeros
|
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator …
|
CWE-352
Origin Validation Error
|
CVE-2015-2350
|
2024-11-21 11:27 |
2015-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271977
|
- |
|
superwebmailer
|
superwebmailer
|
Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2349
|
2024-11-21 11:27 |
2015-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271978
|
- |
|
fortinet
|
single_sign_on
|
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-2281
|
2024-11-21 11:27 |
2015-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271979
|
- |
|
mageia_project
python
canonical
|
mageia
requests
ubuntu_linux
|
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
|
NVD-CWE-Other
|
CVE-2015-2296
|
2024-11-21 11:27 |
2015-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271980
|
- |
|
mybb
|
mybb
|
A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.
|
CWE-200
Information Exposure
|
CVE-2015-2335
|
2024-11-21 11:27 |
2015-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
