|
272801
|
- |
|
siemens
|
ruggedcom_firmware
|
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1448
|
2024-11-21 11:25 |
2015-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272802
|
- |
|
10web
|
photo_gallery
|
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create galle…
|
CWE-89
SQL Injection
|
CVE-2015-1393
|
2024-11-21 11:25 |
2015-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272803
|
- |
|
blubrry
|
powerpress
|
Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1385
|
2024-11-21 11:25 |
2015-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272804
|
- |
|
cyberhobo
|
geo_mashup
|
Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.
|
CWE-79
Cross-site Scripting
|
CVE-2015-1383
|
2024-11-21 11:25 |
2015-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272805
|
- |
|
siemens
|
ruggedcom_firmware
|
Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with …
|
CWE-200
Information Exposure
|
CVE-2015-1357
|
2024-11-21 11:25 |
2015-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272806
|
- |
|
jakweb
|
gecko_cms
|
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newus…
|
CWE-352
Origin Validation Error
|
CVE-2015-1424
|
2024-11-21 11:25 |
2015-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272807
|
- |
|
jakweb
|
gecko_cms
|
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
|
CWE-89
SQL Injection
|
CVE-2015-1423
|
2024-11-21 11:25 |
2015-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272808
|
- |
|
jakweb
|
gecko_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) ja…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1422
|
2024-11-21 11:25 |
2015-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272809
|
- |
|
opensuse
vsftpd_project
|
opensuse
vsftpd
|
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
|
NVD-CWE-noinfo
|
CVE-2015-1419
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272810
|
- |
|
pixabay_images_project
|
pixabay_images
|
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host…
|
CWE-284
Improper Access Control
|
CVE-2015-1376
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
