|
271561
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_server
|
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2230
|
2024-11-21 11:27 |
2019-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271562
|
9.1 |
CRITICAL
Network
|
huawei
|
oceanstor_uds_firmware
|
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compr…
|
CWE-200
Information Exposure
|
CVE-2015-2254
|
2024-11-21 11:27 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271563
|
5.4 |
MEDIUM
Network
|
10web
|
photo_gallery
|
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2324
|
2024-11-21 11:27 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271564
|
6.1 |
MEDIUM
Network
|
woocommerce
|
woocommerce
|
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2329
|
2024-11-21 11:27 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271565
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
|
CWE-200
Information Exposure
|
CVE-2015-2298
|
2024-11-21 11:27 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271566
|
9.8 |
CRITICAL
Network
|
mono-project
debian
|
mono
debian_linux
|
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2320
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271567
|
7.5 |
HIGH
Network
|
mono-project
|
mono
|
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different v…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2319
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271568
|
8.1 |
HIGH
Network
|
mono-project
debian
|
mono
debian_linux
|
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2318
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271569
|
8.8 |
HIGH
Network
|
wpeasycart
|
wp_easycart
|
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2673
|
2024-11-21 11:27 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271570
|
7.5 |
HIGH
Network
|
libcsoap_project
|
libcsoap
|
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-2297
|
2024-11-21 11:27 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
