|
273891
|
- |
|
ansible
|
tower
|
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
|
CWE-200
Information Exposure
|
CVE-2015-1482
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273892
|
- |
|
ansible
|
tower
|
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1481
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273893
|
- |
|
manageengine
|
servicedesk_plus
|
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a dire…
|
CWE-200
Information Exposure
|
CVE-2015-1480
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273894
|
- |
|
zohocorp
|
servicedesk_plus
|
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via …
|
CWE-89
SQL Injection
|
CVE-2015-1479
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273895
|
- |
|
cmsjunkie
|
j-classifiedsmanager
|
Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1478
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273896
|
- |
|
cmsjunkie
|
j-classifiedsmanager
|
SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/…
|
CWE-89
SQL Injection
|
CVE-2015-1477
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273897
|
- |
|
ecommercemajor_project
|
ecommercemajor
|
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) pa…
|
CWE-89
SQL Injection
|
CVE-2015-1476
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273898
|
- |
|
mylittleforum
|
my_little_forum
|
Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to …
|
CWE-79
Cross-site Scripting
|
CVE-2015-1475
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273899
|
- |
|
asus
|
rt-n10\+d1_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) resu…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1437
|
2024-11-21 11:25 |
2015-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273900
|
- |
|
servision
|
hvg_video_gateway_firmware
|
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1469
|
2024-11-21 11:25 |
2015-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
