|
275951
|
- |
|
debian
drupal
|
debian_linux
drupal
|
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a craf…
|
CWE-284
Improper Access Control
|
CVE-2015-2559
|
2024-11-21 11:27 |
2015-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275952
|
- |
|
fedoraproject
debian
opensuse
djangoproject
oracle
canonical
|
fedora
debian_linux
opensuse
django
solaris
ubuntu_linux
|
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to c…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2317
|
2024-11-21 11:27 |
2015-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275953
|
- |
|
oracle
djangoproject
fedoraproject
canonical
opensuse
|
solaris
django
fedora
ubuntu_linux
opensuse
|
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of servi…
|
CWE-399
Resource Management Errors
|
CVE-2015-2316
|
2024-11-21 11:27 |
2015-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275954
|
- |
|
solarwinds
|
firewall_security_manager
|
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client sessi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2284
|
2024-11-21 11:27 |
2015-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275955
|
- |
|
canonical
linuxfoundation
|
ubuntu_linux
cups-filters
|
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (…
|
CWE-77
Command Injection
|
CVE-2015-2265
|
2024-11-21 11:27 |
2015-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275956
|
- |
|
asus
|
rt-g32_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2681
|
2024-11-21 11:27 |
2015-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275957
|
- |
|
metalgenix
|
genixcms
|
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator accou…
|
CWE-352
Origin Validation Error
|
CVE-2015-2680
|
2024-11-21 11:27 |
2015-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275958
|
- |
|
genixcms
|
genixcms
|
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter t…
|
CWE-89
SQL Injection
|
CVE-2015-2679
|
2024-11-21 11:27 |
2015-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275959
|
- |
|
genixcms
|
genixcms
|
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page …
|
CWE-79
Cross-site Scripting
|
CVE-2015-2678
|
2024-11-21 11:27 |
2015-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275960
|
- |
|
ocportal
|
ocportal
|
Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_ca…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2677
|
2024-11-21 11:27 |
2015-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
