|
272781
|
- |
|
fortinet
|
fortiauthenticator
|
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain acc…
|
CWE-255
Credentials Management
|
CVE-2015-1455
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272782
|
- |
|
piwigo
|
piwigo
|
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-1441
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272783
|
- |
|
roundcube
fedoraproject
|
webmail
fedora
|
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute …
|
CWE-79
Cross-site Scripting
|
CVE-2015-1433
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272784
|
- |
|
sefrengo
|
sefrengo
|
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authe…
|
CWE-89
SQL Injection
|
CVE-2015-1428
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272785
|
- |
|
content_rating_extbase_project
|
content_rating_extbase
|
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-1405
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272786
|
- |
|
content_rating_extbase_project
|
content_rating_extbase
|
Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1404
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272787
|
- |
|
content_rating_project
|
content_rating
|
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-1403
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272788
|
- |
|
content_rating_project
|
content_rating
|
Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1402
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272789
|
- |
|
npds
|
revolution
|
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1400
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272790
|
- |
|
banner_effect_header_project
|
banner_effect_header
|
Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid param…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1384
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
