|
270251
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5734
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270252
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5733
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270253
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2015-5732
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270254
|
- |
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, an…
|
CWE-352
Origin Validation Error
|
CVE-2015-5731
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270255
|
- |
|
wordpress
|
wordpress
|
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to con…
|
CWE-200
Information Exposure
|
CVE-2015-5730
|
2024-11-21 11:33 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270256
|
- |
|
typemoon
|
witch_on_the_holy_night
fate\/stay_night
fate\/stay_night_\+_hollow_ataraxia_set
fate\/hollow_ataraxia
|
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
|
CWE-78
OS Command
|
CVE-2015-5672
|
2024-11-21 11:33 |
2015-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270257
|
- |
|
isucon
|
isucon_5_qualifier_eventapp
|
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an …
|
CWE-78
OS Command
|
CVE-2015-5673
|
2024-11-21 11:33 |
2015-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270258
|
- |
|
oxwall
|
oxwall
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maint…
|
CWE-352
Origin Validation Error
|
CVE-2015-5534
|
2024-11-21 11:33 |
2015-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270259
|
- |
|
powerdns
|
authoritative
recursor
|
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a d…
|
CWE-399
Resource Management Errors
|
CVE-2015-5470
|
2024-11-21 11:33 |
2015-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270260
|
- |
|
html-scrubber_project
|
html-scrubber
|
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5667
|
2024-11-21 11:33 |
2015-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
