|
272001
|
- |
|
canonical
google
|
ubuntu_linux
chrome
v8
|
Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown…
|
NVD-CWE-noinfo
|
CVE-2015-2238
|
2024-11-21 11:27 |
2015-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272002
|
- |
|
ninjaforms
|
ninja_forms
|
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 …
|
CWE-79
Cross-site Scripting
|
CVE-2015-2220
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272003
|
- |
|
magic_hills
|
wonderplugin_audio_player
|
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2015-2218
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272004
|
- |
|
photocati_media
|
photocrati
|
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-2216
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272005
|
- |
|
services_single_sign-on_server_helper_project
|
services_single_sign-on_server_helper
|
Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct ph…
|
NVD-CWE-Other
|
CVE-2015-2215
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272006
|
- |
|
netcat
|
netcat
|
NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php.
|
CWE-200
Information Exposure
|
CVE-2015-2214
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272007
|
- |
|
dlguard
|
dlguard
|
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.
|
CWE-200
Information Exposure
|
CVE-2015-2209
|
2024-11-21 11:27 |
2015-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272008
|
5.5 |
MEDIUM
Local
|
xaviershay-dm-rails_porject
|
xaviershay-dm-rails
|
The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.
|
NVD-CWE-noinfo
|
CVE-2015-2179
|
2024-11-21 11:26 |
2023-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272009
|
7.5 |
HIGH
Network
|
jhipster
|
jhipster
|
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by br…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2015-20110
|
2024-11-21 11:26 |
2023-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272010
|
7.2 |
HIGH
Network
|
hp
arubanetworks
|
airwave
|
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
|
CWE-20
Improper Input Validation
|
CVE-2015-2202
|
2024-11-21 11:26 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
