|
267431
|
6.1 |
MEDIUM
Network
|
mailenable
|
mailenable
|
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9279
|
2024-11-21 11:40 |
2019-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267432
|
9.8 |
CRITICAL
Network
|
mailenable
|
mailenable
|
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
|
CWE-255
Credentials Management
|
CVE-2015-9278
|
2024-11-21 11:40 |
2019-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267433
|
9.1 |
CRITICAL
Network
|
mailenable
|
mailenable
|
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.
|
CWE-22
Path Traversal
|
CVE-2015-9277
|
2024-11-21 11:40 |
2019-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267434
|
6.1 |
MEDIUM
Network
|
smartertools
|
smartermail
|
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9276
|
2024-11-21 11:40 |
2019-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267435
|
5.3 |
MEDIUM
Network
|
arc_project
|
arc
|
ARC 5.21q allows directory traversal via a full pathname in an archive file.
|
CWE-22
Path Traversal
|
CVE-2015-9275
|
2024-11-21 11:40 |
2019-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267436
|
6.5 |
MEDIUM
Network
|
harfbuzz_project
|
harfbuzz
|
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-t…
|
CWE-125
Out-of-bounds Read
|
CVE-2015-9274
|
2024-11-21 11:40 |
2018-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267437
|
6.1 |
MEDIUM
Network
|
wp-slimstat
|
slimstat_analytics
|
The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9273
|
2024-11-21 11:40 |
2018-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267438
|
9.8 |
CRITICAL
Network
|
videowhisper
|
video_presentation
|
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four charact…
|
CWE-94
Code Injection
|
CVE-2015-9272
|
2024-11-21 11:40 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267439
|
9.8 |
CRITICAL
Network
|
videowhisper
|
video_conference
|
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-9271
|
2024-11-21 11:40 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267440
|
6.1 |
MEDIUM
Network
|
theholidaycalendar
|
holiday_calendar
|
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9270
|
2024-11-21 11:40 |
2018-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
