|
270191
|
6.1 |
MEDIUM
Network
|
zenphoto
|
zenphoto
|
Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5592
|
2024-11-21 11:33 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270192
|
7.2 |
HIGH
Network
|
zenphoto
|
zenphoto
|
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2015-5591
|
2024-11-21 11:33 |
2020-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270193
|
6.5 |
MEDIUM
Network
|
openstack
redhat
debian
|
designate
enterprise_linux_openstack_platform
debian_linux
|
Designate does not enforce the DNS protocol limit concerning record set sizes
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2015-5694
|
2024-11-21 11:33 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270194
|
8.8 |
HIGH
Network
|
edx
|
edx-platform
|
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-5601
|
2024-11-21 11:33 |
2019-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270195
|
6.1 |
MEDIUM
Network
|
axiomsl
|
axiom
|
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.
|
CWE-74
Injection
|
CVE-2015-5462
|
2024-11-21 11:33 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270196
|
9.8 |
CRITICAL
Network
|
axiomsl
|
axiom
|
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through a…
|
CWE-285
Improper Authorization
|
CVE-2015-5463
|
2024-11-21 11:33 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270197
|
7.5 |
HIGH
Network
|
axway
|
vordel_xml_gateway
|
Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.
|
CWE-20
Improper Input Validation
|
CVE-2015-5606
|
2024-11-21 11:33 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270198
|
9.8 |
CRITICAL
Network
|
codeigniter
|
codeigniter
|
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset vari…
|
CWE-89
SQL Injection
|
CVE-2015-5725
|
2024-11-21 11:33 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270199
|
6.5 |
MEDIUM
Network
|
freebsd
|
freebsd
|
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authentica…
|
CWE-20
Improper Input Validation
|
CVE-2015-5674
|
2024-11-21 11:33 |
2018-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270200
|
7.2 |
HIGH
Network
|
count_per_day_project
|
count_per_day
|
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep…
|
CWE-89
SQL Injection
|
CVE-2015-5533
|
2024-11-21 11:33 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
