|
281271
|
9.8 |
CRITICAL
Network
|
codeigniter-restserver_project
|
codeigniter-restserver
|
CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.
|
CWE-611
XXE
|
CVE-2015-3907
|
2024-11-21 11:30 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281272
|
9.8 |
CRITICAL
Network
|
pifzer
|
plum_a\+_infusion_system_firmware
plum_a\+3_infusion_system_firmware
symbiq_infusion_system_firmware
|
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pu…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-3956
|
2024-11-21 11:30 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281273
|
9.8 |
CRITICAL
Network
|
pifzer
|
plum_a\+_infusion_system_firmware
plum_a\+3_infusion_system_firmware
symbiq_infusion_system_firmware
|
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges …
|
CWE-285
Improper Authorization
|
CVE-2015-3954
|
2024-11-21 11:30 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281274
|
7.5 |
HIGH
Network
|
pifzer
|
plum_a\+_infusion_system_firmware
plum_a\+3_infusion_system_firmware
symbiq_infusion_system_firmware
|
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. …
|
CWE-200
Information Exposure
|
CVE-2015-3952
|
2024-11-21 11:30 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281275
|
9.8 |
CRITICAL
Network
|
pifzer
|
plum_a\+_infusion_system_firmware
plum_a\+3_infusion_system_firmware
symbiq_infusion_system_firmware
|
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2015-3953
|
2024-11-21 11:30 |
2019-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281276
|
8.8 |
HIGH
Network
|
pfizer
|
symbiq_infusion_system_firmware
|
Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly e…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3965
|
2024-11-21 11:30 |
2019-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281277
|
9.8 |
CRITICAL
Network
|
connx
|
esp_hr_management
|
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
|
CWE-89
SQL Injection
|
CVE-2015-4043
|
2024-11-21 11:30 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281278
|
8.8 |
HIGH
Network
|
vestacp
|
control_panel
|
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
|
CWE-78
OS Command
|
CVE-2015-4117
|
2024-11-21 11:30 |
2018-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281279
|
6.1 |
MEDIUM
Network
|
bonitasoft
|
bonita_bpm_portal
|
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirec…
|
CWE-601
Open Redirect
|
CVE-2015-3898
|
2024-11-21 11:30 |
2018-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281280
|
8.8 |
HIGH
Network
|
codestyling_localization_project
|
codestyling_localization
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress.
|
CWE-352
Origin Validation Error
|
CVE-2015-4179
|
2024-11-21 11:30 |
2018-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
