|
273131
|
- |
|
magic_hills
|
wonderplugin_audio_player
|
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2015-2218
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273132
|
- |
|
photocati_media
|
photocrati
|
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.
|
CWE-89
SQL Injection
|
CVE-2015-2216
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273133
|
- |
|
services_single_sign-on_server_helper_project
|
services_single_sign-on_server_helper
|
Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct ph…
|
NVD-CWE-Other
|
CVE-2015-2215
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273134
|
- |
|
netcat
|
netcat
|
NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php.
|
CWE-200
Information Exposure
|
CVE-2015-2214
|
2024-11-21 11:27 |
2015-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273135
|
- |
|
dlguard
|
dlguard
|
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.
|
CWE-200
Information Exposure
|
CVE-2015-2209
|
2024-11-21 11:27 |
2015-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273136
|
5.5 |
MEDIUM
Local
|
xaviershay-dm-rails_porject
|
xaviershay-dm-rails
|
The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.
|
NVD-CWE-noinfo
|
CVE-2015-2179
|
2024-11-21 11:26 |
2023-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273137
|
7.5 |
HIGH
Network
|
jhipster
|
jhipster
|
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by br…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2015-20110
|
2024-11-21 11:26 |
2023-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273138
|
7.2 |
HIGH
Network
|
hp
arubanetworks
|
airwave
|
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
|
CWE-20
Improper Input Validation
|
CVE-2015-2202
|
2024-11-21 11:26 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273139
|
7.2 |
HIGH
Network
|
hp
arubanetworks
|
airwave
|
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
|
CWE-78
OS Command
|
CVE-2015-2201
|
2024-11-21 11:26 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273140
|
5.5 |
MEDIUM
Local
|
gnu
|
glibc
|
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstra…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-20109
|
2024-11-21 11:26 |
2023-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
