|
267501
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
|
CWE-399
Resource Management Errors
|
CVE-2015-9252
|
2024-11-21 11:40 |
2018-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267502
|
6.1 |
MEDIUM
Network
|
jquery
oracle
|
jquery
service_bus
primavera_unifier
jd_edwards_enterpriseone_tools
enterprise_manager_ops_center
webcenter_sites
weblogic_server
jdeveloper
primavera_gateway
peoplesoft_en…
|
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9251
|
2024-11-21 11:40 |
2018-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267503
|
7.5 |
HIGH
Network
|
skyboxsecurity
|
skybox_platform
|
An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.
|
CWE-22
Path Traversal
|
CVE-2015-9250
|
2024-11-21 11:40 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267504
|
9.8 |
CRITICAL
Network
|
skyboxsecurity
|
skybox_platform
|
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element.
|
CWE-89
SQL Injection
|
CVE-2015-9249
|
2024-11-21 11:40 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267505
|
5.4 |
MEDIUM
Network
|
skyboxsecurity
|
skybox_platform
|
An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Ma…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9248
|
2024-11-21 11:40 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267506
|
5.4 |
MEDIUM
Network
|
skyboxsecurity
|
skybox_platform
|
An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body eleme…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9247
|
2024-11-21 11:40 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267507
|
9.8 |
CRITICAL
Network
|
skyboxsecurity
|
skybox_platform
|
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/ser…
|
CWE-20
Improper Input Validation
|
CVE-2015-9246
|
2024-11-21 11:40 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267508
|
9.8 |
CRITICAL
Network
|
progress
|
openedge
|
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via…
|
CWE-284
Improper Access Control
|
CVE-2015-9245
|
2024-11-21 11:40 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267509
|
7.2 |
HIGH
Network
|
cfpaypal
|
cp_contact_form_with_paypal
|
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
|
CWE-89
SQL Injection
|
CVE-2015-9234
|
2024-11-21 11:40 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267510
|
8.8 |
HIGH
Network
|
codepeople
|
cp_contact_form_with_paypal
|
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in…
|
CWE-352
Origin Validation Error
|
CVE-2015-9233
|
2024-11-21 11:40 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
