|
268261
|
9.8 |
CRITICAL
Network
|
progress
|
openedge
|
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via…
|
CWE-284
Improper Access Control
|
CVE-2015-9245
|
2024-11-21 11:40 |
2017-10-31 |
|
268262
|
7.2 |
HIGH
Network
|
cfpaypal
|
cp_contact_form_with_paypal
|
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
|
CWE-89
SQL Injection
|
CVE-2015-9234
|
2024-11-21 11:40 |
2017-09-30 |
|
268263
|
8.8 |
HIGH
Network
|
codepeople
|
cp_contact_form_with_paypal
|
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in…
|
CWE-352
Origin Validation Error
|
CVE-2015-9233
|
2024-11-21 11:40 |
2017-09-30 |
|
268264
|
5.3 |
MEDIUM
Network
|
good
|
good_for_enterprise
|
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does no…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-9232
|
2024-11-21 11:40 |
2017-09-21 |
|
268265
|
7.5 |
HIGH
Network
|
iterm2
|
iterm2
|
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.2015…
|
CWE-200
Information Exposure
|
CVE-2015-9231
|
2024-11-21 11:40 |
2017-09-21 |
|
268266
|
4.8 |
MEDIUM
Network
|
ait-pro
|
bulletproof_security
|
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9230
|
2024-11-21 11:40 |
2017-09-13 |
|
268267
|
4.8 |
MEDIUM
Network
|
imagely
|
nextgen_gallery
|
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9229
|
2024-11-21 11:40 |
2017-09-13 |
|
268268
|
8.8 |
HIGH
Network
|
imagely
|
nextgen_gallery
|
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-9228
|
2024-11-21 11:40 |
2017-09-12 |
|
268269
|
7.2 |
HIGH
Network
|
alegrocart
|
alegrocart
|
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL i…
|
CWE-94
Code Injection
|
CVE-2015-9227
|
2024-11-21 11:40 |
2017-09-12 |
|
268270
|
7.2 |
HIGH
Network
|
alegrocart
|
alegrocart
|
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_fi…
|
CWE-89
SQL Injection
|
CVE-2015-9226
|
2024-11-21 11:40 |
2017-09-12 |
|