|
272691
|
5.4 |
MEDIUM
Network
|
10web
|
photo_gallery
|
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2324
|
2024-11-21 11:27 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272692
|
6.1 |
MEDIUM
Network
|
woocommerce
|
woocommerce
|
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2329
|
2024-11-21 11:27 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272693
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
|
CWE-200
Information Exposure
|
CVE-2015-2298
|
2024-11-21 11:27 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272694
|
9.8 |
CRITICAL
Network
|
mono-project
debian
|
mono
debian_linux
|
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2320
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272695
|
7.5 |
HIGH
Network
|
mono-project
|
mono
|
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different v…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2319
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272696
|
8.1 |
HIGH
Network
|
mono-project
debian
|
mono
debian_linux
|
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2318
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272697
|
8.8 |
HIGH
Network
|
wpeasycart
|
wp_easycart
|
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2673
|
2024-11-21 11:27 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272698
|
7.5 |
HIGH
Network
|
libcsoap_project
|
libcsoap
|
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-2297
|
2024-11-21 11:27 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272699
|
6.1 |
MEDIUM
Network
|
drupal
debian
|
drupal
debian_linux
|
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi…
|
CWE-601
Open Redirect
|
CVE-2015-2750
|
2024-11-21 11:27 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272700
|
6.1 |
MEDIUM
Network
|
drupal
debian
|
drupal
debian_linux
|
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination pa…
|
CWE-601
Open Redirect
|
CVE-2015-2749
|
2024-11-21 11:27 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
