|
273861
|
- |
|
mobile_domain_project
|
mobile_domain
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) …
|
CWE-352
Origin Validation Error
|
CVE-2015-1581
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273862
|
- |
|
redirection_project
|
redirection
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1)…
|
CWE-352
Origin Validation Error
|
CVE-2015-1580
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273863
|
- |
|
elegant_themes
|
divi
|
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image acti…
|
CWE-22
Path Traversal
|
CVE-2015-1579
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273864
|
- |
|
yuba
|
u5cms
|
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admi…
|
NVD-CWE-Other
|
CVE-2015-1578
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273865
|
- |
|
yuba
|
u5cms
|
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
|
CWE-22
Path Traversal
|
CVE-2015-1577
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273866
|
- |
|
yuba
|
u5cms
|
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.…
|
CWE-89
SQL Injection
|
CVE-2015-1576
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273867
|
- |
|
yuba
|
u5cms
|
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; t…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1575
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273868
|
- |
|
redaxscript
|
redaxscript
|
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1518
|
2024-11-21 11:25 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273869
|
- |
|
fortinet
|
fortios
|
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-i…
|
CWE-310
Cryptographic Issues
|
CVE-2015-1571
|
2024-11-21 11:25 |
2015-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273870
|
- |
|
fortinet
|
forticlient
|
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to…
|
CWE-310
Cryptographic Issues
|
CVE-2015-1570
|
2024-11-21 11:25 |
2015-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
