|
274691
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (do…
|
CWE-22
Path Traversal
|
CVE-2015-3309
|
2024-11-21 11:29 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274692
|
8.8 |
HIGH
Network
|
netcracker
|
resource_management_system
|
Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h__…
|
CWE-89
SQL Injection
|
CVE-2015-3423
|
2024-11-21 11:29 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274693
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortimanager
|
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
|
CWE-269
Improper Privilege Management
|
CVE-2015-3613
|
2024-11-21 11:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274694
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortimanager
|
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3612
|
2024-11-21 11:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274695
|
8.8 |
HIGH
Network
|
fortinet
|
fortimanager
|
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when exec…
|
CWE-78
OS Command
|
CVE-2015-3611
|
2024-11-21 11:29 |
2020-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274696
|
6.1 |
MEDIUM
Network
|
accentis
|
content_resource_management_system
|
Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_cont…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3425
|
2024-11-21 11:29 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274697
|
8.8 |
HIGH
Network
|
accentis
|
content_resource_management_system
|
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
|
CWE-89
SQL Injection
|
CVE-2015-3424
|
2024-11-21 11:29 |
2019-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274698
|
7.5 |
HIGH
Network
|
module-signature_project
canonical
|
module-signature
ubuntu_linux
|
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2015-3406
|
2024-11-21 11:29 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274699
|
5.4 |
MEDIUM
Network
|
virtuemart
|
virtuemart
|
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors invol…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3619
|
2024-11-21 11:29 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274700
|
6.1 |
MEDIUM
Network
|
nagios
|
business_process_intelligence
|
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3618
|
2024-11-21 11:29 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
