|
270221
|
7.5 |
HIGH
Network
|
mdc_youtube_downloader_project
|
mdc_youtube_downloader
|
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/do…
|
CWE-22
Path Traversal
|
CVE-2015-5469
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270222
|
7.5 |
HIGH
Network
|
wpshopstyling
|
wp_e-commerce_shop_styling
|
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to inc…
|
CWE-22
Path Traversal
|
CVE-2015-5468
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270223
|
7.5 |
HIGH
Network
|
hp
|
integrated_lights-out_firmware
|
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotel…
|
NVD-CWE-noinfo
|
CVE-2015-5436
|
2024-11-21 11:33 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270224
|
9.8 |
CRITICAL
Network
|
samsung
|
nt14u_firmware
x14j_firmware
x14h_firmware
x12_firmware
x10p_firmware
m288ofw_firmware
|
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2015-5729
|
2024-11-21 11:33 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270225
|
5.5 |
MEDIUM
Local
|
freebsd
|
freebsd
|
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.
|
CWE-200
Information Exposure
|
CVE-2015-5677
|
2024-11-21 11:33 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270226
|
9.8 |
CRITICAL
Network
|
misp-project
|
malware_information_sharing_platform
|
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_…
|
CWE-94
Code Injection
|
CVE-2015-5721
|
2024-11-21 11:33 |
2016-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270227
|
6.1 |
MEDIUM
Network
|
misp-project
|
malware_information_sharing_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5720
|
2024-11-21 11:33 |
2016-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270228
|
9.8 |
CRITICAL
Network
|
misp-project
|
malware_information_sharing_platform
|
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact a…
|
NVD-CWE-noinfo
|
CVE-2015-5719
|
2024-11-21 11:33 |
2016-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270229
|
7.5 |
HIGH
Network
|
marvell
f5
|
software_development_kit
traffix_signaling_delivery_controller
|
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for rem…
|
CWE-200
Information Exposure
|
CVE-2015-5738
|
2024-11-21 11:33 |
2016-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270230
|
6.1 |
MEDIUM
Network
|
qnap
|
qts
|
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5664
|
2024-11-21 11:33 |
2016-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
