|
270701
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortimanager
|
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
|
CWE-269
Improper Privilege Management
|
CVE-2015-3613
|
2024-11-21 11:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270702
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortimanager
|
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3612
|
2024-11-21 11:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270703
|
8.8 |
HIGH
Network
|
fortinet
|
fortimanager
|
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when exec…
|
CWE-78
OS Command
|
CVE-2015-3611
|
2024-11-21 11:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270704
|
6.1 |
MEDIUM
Network
|
accentis
|
content_resource_management_system
|
Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_cont…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3425
|
2024-11-21 11:29 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270705
|
8.8 |
HIGH
Network
|
accentis
|
content_resource_management_system
|
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
|
CWE-89
SQL Injection
|
CVE-2015-3424
|
2024-11-21 11:29 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270706
|
7.5 |
HIGH
Network
|
module-signature_project
canonical
|
module-signature
ubuntu_linux
|
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2015-3406
|
2024-11-21 11:29 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270707
|
5.4 |
MEDIUM
Network
|
virtuemart
|
virtuemart
|
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors invol…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3619
|
2024-11-21 11:29 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270708
|
6.1 |
MEDIUM
Network
|
nagios
|
business_process_intelligence
|
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3618
|
2024-11-21 11:29 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270709
|
7.5 |
HIGH
Network
|
thecartpress
|
thecartpress_ecommerce_shopping_cart
|
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by …
|
CWE-284
Improper Access Control
|
CVE-2015-3302
|
2024-11-21 11:29 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270710
|
8.1 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.
|
CWE-89
SQL Injection
|
CVE-2015-3637
|
2024-11-21 11:29 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
