|
270511
|
8.8 |
HIGH
Network
|
edx
|
edx-platform
|
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-5601
|
2024-11-21 11:33 |
2019-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270512
|
6.1 |
MEDIUM
Network
|
axiomsl
|
axiom
|
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.
|
CWE-74
Injection
|
CVE-2015-5462
|
2024-11-21 11:33 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270513
|
9.8 |
CRITICAL
Network
|
axiomsl
|
axiom
|
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through a…
|
CWE-285
Improper Authorization
|
CVE-2015-5463
|
2024-11-21 11:33 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270514
|
7.5 |
HIGH
Network
|
axway
|
vordel_xml_gateway
|
Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.
|
CWE-20
Improper Input Validation
|
CVE-2015-5606
|
2024-11-21 11:33 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270515
|
9.8 |
CRITICAL
Network
|
codeigniter
|
codeigniter
|
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset vari…
|
CWE-89
SQL Injection
|
CVE-2015-5725
|
2024-11-21 11:33 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270516
|
6.5 |
MEDIUM
Network
|
freebsd
|
freebsd
|
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authentica…
|
CWE-20
Improper Input Validation
|
CVE-2015-5674
|
2024-11-21 11:33 |
2018-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270517
|
7.2 |
HIGH
Network
|
count_per_day_project
|
count_per_day
|
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep…
|
CWE-89
SQL Injection
|
CVE-2015-5533
|
2024-11-21 11:33 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270518
|
6.1 |
MEDIUM
Network
|
strangerstudios
|
paid_memberships_pro
|
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5532
|
2024-11-21 11:33 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270519
|
7.8 |
HIGH
Local
|
cumulusnetworks
|
cumulus_linux
|
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5699
|
2024-11-21 11:33 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270520
|
9.8 |
CRITICAL
Network
|
golang
fedoraproject
redhat
|
go
fedora
enterprise_linux_server_aus
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_server_eus
|
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Co…
|
CWE-444
HTTP Request Smuggling
|
CVE-2015-5740
|
2024-11-21 11:33 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
