|
269911
|
6.1 |
MEDIUM
Network
|
cloud4wi
|
splash_portal
|
Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default …
|
CWE-79
Cross-site Scripting
|
CVE-2015-4699
|
2024-11-21 11:31 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269912
|
9.8 |
CRITICAL
Network
|
kguardsecurity
|
kg-sha104_firmware
kg-sha108_firmware
|
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.
|
CWE-287
Improper Authentication
|
CVE-2015-4464
|
2024-11-21 11:31 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269913
|
6.5 |
MEDIUM
Network
|
efrontlearning
|
efront
|
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-4463
|
2024-11-21 11:31 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269914
|
6.5 |
MEDIUM
Network
|
efrontlearning
|
efront
|
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file fro…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-4462
|
2024-11-21 11:31 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269915
|
8.8 |
HIGH
Network
|
koha
|
koha
|
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web sc…
|
CWE-352
Origin Validation Error
|
CVE-2015-4639
|
2024-11-21 11:31 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269916
|
7.8 |
HIGH
Local
|
lenovo
|
mouse_suite
|
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4596
|
2024-11-21 11:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269917
|
7.5 |
HIGH
Network
|
download_zip_attachments_project
|
download_zip_attachments
|
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
|
CWE-22
Path Traversal
|
CVE-2015-4704
|
2024-11-21 11:31 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269918
|
9.8 |
CRITICAL
Network
|
aviary_image_editor_add-on_for_gravity_forms_project
|
aviary_image_editor_add-on_for_gravity_forms
|
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by up…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-4455
|
2024-11-21 11:31 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269919
|
7.5 |
HIGH
Network
|
squashfs_project
|
squashfs
|
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
|
CWE-20
Improper Input Validation
|
CVE-2015-4646
|
2024-11-21 11:31 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269920
|
5.4 |
MEDIUM
Network
|
clip-bucket
|
clipbucket
|
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to uploa…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4673
|
2024-11-21 11:31 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
