|
271871
|
8.8 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to …
|
CWE-94
Code Injection
|
CVE-2015-3638
|
2024-11-21 11:29 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271872
|
6.1 |
MEDIUM
Network
|
eshop_project
|
eshop
|
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3421
|
2024-11-21 11:29 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271873
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the …
|
CWE-22
Path Traversal
|
CVE-2015-3297
|
2024-11-21 11:29 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271874
|
5.5 |
MEDIUM
Local
|
google
|
android
|
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS"…
|
CWE-284
Improper Access Control
|
CVE-2015-3840
|
2024-11-21 11:29 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271875
|
7.8 |
HIGH
Local
|
redhat
|
automatic_bug_reporting_tool
|
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp…
|
CWE-59
Link Following
|
CVE-2015-3315
|
2024-11-21 11:29 |
2017-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271876
|
6.5 |
MEDIUM
Network
|
apache
|
thrift
|
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
|
CWE-20
Improper Input Validation
|
CVE-2015-3254
|
2024-11-21 11:29 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271877
|
7.5 |
HIGH
Network
|
slideshow_project
|
slideshow
|
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.
|
CWE-200
Information Exposure
|
CVE-2015-3634
|
2024-11-21 11:29 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271878
|
5.3 |
MEDIUM
Network
|
markdown-it_project
|
markdown-it
|
markdown-it before 4.1.0 does not block data: URLs.
|
CWE-284
Improper Access Control
|
CVE-2015-3295
|
2024-11-21 11:29 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271879
|
6.5 |
MEDIUM
Network
|
google
|
android
|
The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate…
|
CWE-20
Improper Input Validation
|
CVE-2015-3830
|
2024-11-21 11:29 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271880
|
8.8 |
HIGH
Network
|
genexia
|
drgos
|
The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) …
|
CWE-77
Command Injection
|
CVE-2015-3441
|
2024-11-21 11:29 |
2017-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
