|
272811
|
- |
|
pixabay_images_project
|
pixabay_images
|
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1375
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272812
|
- |
|
ferretcms_project
|
ferretcms
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cr…
|
CWE-352
Origin Validation Error
|
CVE-2015-1374
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272813
|
- |
|
ferretcms_project
|
ferretcms
|
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search reques…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1373
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272814
|
- |
|
ferretcms_project
|
ferretcms
|
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
|
CWE-89
SQL Injection
|
CVE-2015-1372
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272815
|
- |
|
ferretcms_project
|
ferretcms
|
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct…
|
CWE-20
Improper Input Validation
|
CVE-2015-1371
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272816
|
- |
|
marked_project
|
marked
|
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.
|
NVD-CWE-Other
|
CVE-2015-1370
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272817
|
- |
|
sequelize_project
|
sequelize
|
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1369
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272818
|
- |
|
ansible
|
tower
|
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1368
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272819
|
- |
|
catbot_project
|
catbot
|
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1367
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272820
|
- |
|
pixabay_images_project
|
pixabay_images
|
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user …
|
CWE-79
Cross-site Scripting
|
CVE-2015-1366
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
