|
273201
|
6.1 |
MEDIUM
Network
|
wow_new_media
|
wow_moodboard_lite
|
Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and con…
|
CWE-601
Open Redirect
|
CVE-2015-4070
|
2024-11-21 11:30 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273202
|
6.1 |
MEDIUM
Network
|
clickfraud-monitoring
phpwhois_project
|
adsense-click-fraud-monitoring
phpwhois
|
Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3998
|
2024-11-21 11:30 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273203
|
9.8 |
CRITICAL
Network
|
cloudera
|
key_trustee_server
|
Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.
|
CWE-320
Key Management Errors
|
CVE-2015-4166
|
2024-11-21 11:30 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273204
|
3.1 |
LOW
Network
|
cloudera
|
navigator
cloudera_manager
|
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data v…
|
CWE-200
Information Exposure
|
CVE-2015-4078
|
2024-11-21 11:30 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273205
|
8.8 |
HIGH
Network
|
qdpm
|
qdpm
|
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-3884
|
2024-11-21 11:30 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273206
|
5.3 |
MEDIUM
Network
|
qdpm
|
qdpm
|
qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2015-3882
|
2024-11-21 11:30 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273207
|
7.5 |
HIGH
Network
|
qdpm
|
qdpm
|
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qd…
|
CWE-200
Information Exposure
|
CVE-2015-3881
|
2024-11-21 11:30 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273208
|
6.1 |
MEDIUM
Network
|
qdpm
|
qdpm
|
Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3883
|
2024-11-21 11:30 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273209
|
7.5 |
HIGH
Network
|
dell
|
vce_vision_intelligent_operations
|
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover th…
|
CWE-200
Information Exposure
|
CVE-2015-4057
|
2024-11-21 11:30 |
2017-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273210
|
6.7 |
MEDIUM
Local
|
dell
|
vce_vision_intelligent_operations
|
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrati…
|
CWE-310
Cryptographic Issues
|
CVE-2015-4056
|
2024-11-21 11:30 |
2017-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
