|
273941
|
- |
|
ferretcms_project
|
ferretcms
|
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search reques…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1373
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273942
|
- |
|
ferretcms_project
|
ferretcms
|
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
|
CWE-89
SQL Injection
|
CVE-2015-1372
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273943
|
- |
|
ferretcms_project
|
ferretcms
|
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct…
|
CWE-20
Improper Input Validation
|
CVE-2015-1371
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273944
|
- |
|
marked_project
|
marked
|
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.
|
NVD-CWE-Other
|
CVE-2015-1370
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273945
|
- |
|
sequelize_project
|
sequelize
|
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1369
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273946
|
- |
|
ansible
|
tower
|
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1368
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273947
|
- |
|
catbot_project
|
catbot
|
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1367
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273948
|
- |
|
pixabay_images_project
|
pixabay_images
|
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user …
|
CWE-79
Cross-site Scripting
|
CVE-2015-1366
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273949
|
- |
|
pixabay_images_project
|
pixabay_images
|
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
|
CWE-22
Path Traversal
|
CVE-2015-1365
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273950
|
- |
|
freereprintables
|
articlefr
|
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username …
|
CWE-89
SQL Injection
|
CVE-2015-1364
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
