|
271041
|
6.5 |
MEDIUM
Network
|
efrontlearning
|
efront
|
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-4463
|
2024-11-21 11:31 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271042
|
6.5 |
MEDIUM
Network
|
efrontlearning
|
efront
|
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file fro…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-4462
|
2024-11-21 11:31 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271043
|
8.8 |
HIGH
Network
|
koha
|
koha
|
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web sc…
|
CWE-352
Origin Validation Error
|
CVE-2015-4639
|
2024-11-21 11:31 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271044
|
7.8 |
HIGH
Local
|
lenovo
|
mouse_suite
|
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4596
|
2024-11-21 11:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271045
|
7.5 |
HIGH
Network
|
download_zip_attachments_project
|
download_zip_attachments
|
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
|
CWE-22
Path Traversal
|
CVE-2015-4704
|
2024-11-21 11:31 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271046
|
9.8 |
CRITICAL
Network
|
aviary_image_editor_add-on_for_gravity_forms_project
|
aviary_image_editor_add-on_for_gravity_forms
|
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by up…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-4455
|
2024-11-21 11:31 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271047
|
7.5 |
HIGH
Network
|
squashfs_project
|
squashfs
|
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
|
CWE-20
Improper Input Validation
|
CVE-2015-4646
|
2024-11-21 11:31 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271048
|
5.4 |
MEDIUM
Network
|
clip-bucket
|
clipbucket
|
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to uploa…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4673
|
2024-11-21 11:31 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271049
|
7.5 |
HIGH
Network
|
freeradius
suse
|
freeradius
linux_enterprise_software_development_kit
linux_enterprise_server
|
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-4680
|
2024-11-21 11:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271050
|
7.5 |
HIGH
Adjacent
|
hak5
|
wi-fi_pineapple_firmware
|
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
|
CWE-284
Improper Access Control
|
CVE-2015-4624
|
2024-11-21 11:31 |
2017-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
