|
274401
|
7.5 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of …
|
CWE-22
Path Traversal
|
CVE-2015-4180
|
2024-11-21 11:30 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274402
|
7.5 |
HIGH
Network
|
saltstack
|
salt
|
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-4017
|
2024-11-21 11:30 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274403
|
5.3 |
MEDIUM
Network
|
helpdesk_pro_project
|
helpdesk_pro
|
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/…
|
CWE-200
Information Exposure
|
CVE-2015-4071
|
2024-11-21 11:30 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274404
|
6.5 |
MEDIUM
Network
|
attic_project
|
attic
|
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4082
|
2024-11-21 11:30 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274405
|
7.5 |
HIGH
Network
|
elasticsearch
|
elasticsearch
|
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4165
|
2024-11-21 11:30 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274406
|
7.8 |
HIGH
Local
|
tukaani
|
xz
|
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run x…
|
CWE-20
Improper Input Validation
|
CVE-2015-4035
|
2024-11-21 11:30 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274407
|
7.8 |
HIGH
Local
|
netlock
|
mokka
|
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Ob…
|
CWE-91
Blind XPath Injection
|
CVE-2015-3932
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274408
|
7.8 |
HIGH
Local
|
microsec
|
e-szigno
|
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:…
|
CWE-91
Blind XPath Injection
|
CVE-2015-3931
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274409
|
9.8 |
CRITICAL
Network
|
libinfinity_project
|
libinfinity
|
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-3886
|
2024-11-21 11:30 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274410
|
7.5 |
HIGH
Network
|
huawei
|
s2300_firmware
s2700_firmware
s3300_firmware
s3700_firmware
s5300ei_firmware
s5700ei_firmware
s5300si_firmware
s5700si_firmware
s5300hi_firmware
s5700hi_firmware
s6300ei…
|
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.
|
CWE-20
Improper Input Validation
|
CVE-2015-3913
|
2024-11-21 11:30 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
