| 270321 | 7.5 | HIGH Network | phpmybackuppro | phpmybackuppro | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of … | CWE-22 Path Traversal | CVE-2015-4181 | 2024-11-21 11:30 | 2017-08-26 |
| 270322 | 7.5 | HIGH Network | phpmybackuppro | phpmybackuppro | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of … | CWE-22 Path Traversal | CVE-2015-4180 | 2024-11-21 11:30 | 2017-08-26 |
| 270323 | 7.5 | HIGH Network | saltstack | salt | Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | CWE-295 Improper Certificate Validation | CVE-2015-4017 | 2024-11-21 11:30 | 2017-08-26 |
| 270324 | 5.3 | MEDIUM Network | helpdesk_pro_project | helpdesk_pro | The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/… | CWE-200 Information Exposure | CVE-2015-4071 | 2024-11-21 11:30 | 2017-08-19 |
| 270325 | 6.5 | MEDIUM Network | attic_project | attic | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informa… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-4082 | 2024-11-21 11:30 | 2017-08-19 |
| 270326 | 7.5 | HIGH Network | elasticsearch | elasticsearch | The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on w… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-4165 | 2024-11-21 11:30 | 2017-08-10 |
| 270327 | 7.8 | HIGH Local | tukaani | xz | scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run x… | CWE-20 Improper Input Validation | CVE-2015-4035 | 2024-11-21 11:30 | 2017-07-26 |
| 270328 | 7.8 | HIGH Local | netlock | mokka | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Ob… | CWE-91 Blind XPath Injection | CVE-2015-3932 | 2024-11-21 11:30 | 2017-07-21 |
| 270329 | 7.8 | HIGH Local | microsec | e-szigno | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:… | CWE-91 Blind XPath Injection | CVE-2015-3931 | 2024-11-21 11:30 | 2017-07-21 |
| 270330 | 9.8 | CRITICAL Network | libinfinity_project | libinfinity | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | CWE-295 Improper Certificate Validation | CVE-2015-3886 | 2024-11-21 11:30 | 2017-07-21 |