| 270301 | 8.8 | HIGH, Network | pfizer | symbiq_infusion_system_firmware | Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly e… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2015-3965 | 2024-11-21 11:30 | 2019-03-24 |
| 270302 | 9.8 | CRITICAL, Network | connx | esp_hr_management | SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. | CWE-89: SQL Injection | CVE-2015-4043 | 2024-11-21 11:30 | 2018-06-20 |
| 270303 | 8.8 | HIGH, Network | vestacp | control_panel | Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | CWE-78: OS Command | CVE-2015-4117 | 2024-11-21 11:30 | 2018-03-1 |
| 270304 | 6.1 | MEDIUM, Network | bonitasoft | bonita_bpm_portal | Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirec… | CWE-601: Open Redirect | CVE-2015-3898 | 2024-11-21 11:30 | 2018-03-1 |
| 270305 | 8.8 | HIGH, Network | codestyling_localization_project | codestyling_localization | Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for WordPress. | CWE-352: Origin Validation Error | CVE-2015-4179 | 2024-11-21 11:30 | 2018-02-6 |
| 270306 | 7.5 | HIGH, Network | jolla | sailfish_os | Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. | CWE-284: Improper Access Control | CVE-2015-3888 | 2024-11-21 11:30 | 2018-01-13 |
| 270307 | 6.8 | MEDIUM, Network | puppet | puppet_enterprise | Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Author… | CWE-295: Improper Certificate Validation | CVE-2015-4100 | 2024-11-21 11:30 | 2017-12-22 |
| 270308 | 9.8 | CRITICAL, Network | fiyo | fiyo_cms | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa… | CWE-89: SQL Injection | CVE-2015-3934 | 2024-11-21 11:30 | 2017-11-22 |
| 270309 | 9.8 | CRITICAL, Network | metalgenix | genixcms | Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) … | CWE-89: SQL Injection | CVE-2015-3933 | 2024-11-21 11:30 | 2017-11-9 |
| 270310 | 7.8 | HIGH, Local | proxychains-ng_project | proxychains-ng | Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referen… | CWE-426: Untrusted Search Path | CVE-2015-3887 | 2024-11-21 11:30 | 2017-09-22 |