|
269091
|
7.5 |
HIGH
Network
|
powerplay_gallery_project
|
powerplay_gallery
|
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5682
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269092
|
9.1 |
CRITICAL
Network
|
image-export_project
|
image-export
|
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.
|
CWE-22
Path Traversal
|
CVE-2015-5609
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269093
|
7.5 |
HIGH
Network
|
mdc_youtube_downloader_project
|
mdc_youtube_downloader
|
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/do…
|
CWE-22
Path Traversal
|
CVE-2015-5469
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269094
|
7.5 |
HIGH
Network
|
wpshopstyling
|
wp_e-commerce_shop_styling
|
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to inc…
|
CWE-22
Path Traversal
|
CVE-2015-5468
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269095
|
7.5 |
HIGH
Network
|
hp
|
integrated_lights-out_firmware
|
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotel…
|
NVD-CWE-noinfo
|
CVE-2015-5436
|
2024-11-21 11:33 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269096
|
9.8 |
CRITICAL
Network
|
samsung
|
nt14u_firmware
x14j_firmware
x14h_firmware
x12_firmware
x10p_firmware
m288ofw_firmware
|
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2015-5729
|
2024-11-21 11:33 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269097
|
5.5 |
MEDIUM
Local
|
freebsd
|
freebsd
|
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.
|
CWE-200
Information Exposure
|
CVE-2015-5677
|
2024-11-21 11:33 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269098
|
9.8 |
CRITICAL
Network
|
misp-project
|
malware_information_sharing_platform
|
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_…
|
CWE-94
Code Injection
|
CVE-2015-5721
|
2024-11-21 11:33 |
2016-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269099
|
6.1 |
MEDIUM
Network
|
misp-project
|
malware_information_sharing_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5720
|
2024-11-21 11:33 |
2016-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269100
|
9.8 |
CRITICAL
Network
|
misp-project
|
malware_information_sharing_platform
|
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact a…
|
NVD-CWE-noinfo
|
CVE-2015-5719
|
2024-11-21 11:33 |
2016-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
