|
269871
|
7.5 |
HIGH
Network
|
mongodb
fedoraproject
|
bson
fedora
|
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted stri…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2015-4411
|
2024-11-21 11:31 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269872
|
7.5 |
HIGH
Network
|
moped_project
fedoraproject
|
moped
fedora
|
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or pe…
|
CWE-20
Improper Input Validation
|
CVE-2015-4410
|
2024-11-21 11:31 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269873
|
4.9 |
MEDIUM
Network
|
owncloud
|
owncloud
|
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote a…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2015-4715
|
2024-11-21 11:31 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269874
|
8.8 |
HIGH
Network
|
dedecms
|
dedecms
|
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-4553
|
2024-11-21 11:31 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269875
|
5.4 |
MEDIUM
Network
|
cloudera
|
cloudera_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-4457
|
2024-11-21 11:31 |
2019-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269876
|
7.5 |
HIGH
Network
|
easy2map
|
easy2map-photos
|
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.
|
CWE-22
Path Traversal
|
CVE-2015-4617
|
2024-11-21 11:31 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269877
|
9.8 |
CRITICAL
Network
|
easy2map
|
easy2map-photos
|
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
|
CWE-89
SQL Injection
|
CVE-2015-4615
|
2024-11-21 11:31 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269878
|
9.8 |
CRITICAL
Network
|
koha
|
koha
|
Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL comman…
|
CWE-89
SQL Injection
|
CVE-2015-4633
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269879
|
7.5 |
HIGH
Network
|
koha
|
koha
|
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a…
|
CWE-22
Path Traversal
|
CVE-2015-4632
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269880
|
5.4 |
MEDIUM
Network
|
koha
|
koha
|
Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary we…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4631
|
2024-11-21 11:31 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
