|
274521
|
- |
|
aftab
|
tickfa
|
SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.
|
CWE-89
SQL Injection
|
CVE-2015-4676
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274522
|
- |
|
tinysrp_project
|
tinysrp
|
Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-4675
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274523
|
- |
|
swiftkey
|
swiftkey_sdk
|
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and cons…
|
CWE-22
Path Traversal
|
CVE-2015-4641
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274524
|
- |
|
swiftkey
|
swiftkey_sdk
|
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attack…
|
CWE-254
7PK - Security Features
|
CVE-2015-4640
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274525
|
- |
|
getsymphony
|
symphony
|
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-4661
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274526
|
- |
|
eliacom
|
enhanced_sql_portal
|
Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.
|
CWE-79
Cross-site Scripting
|
CVE-2015-4660
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274527
|
- |
|
labsmedia
|
clickheat
|
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator passwor…
|
CWE-352
Origin Validation Error
|
CVE-2015-4659
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274528
|
- |
|
milw0rm_project
|
milw0rm_clone_script
|
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
|
CWE-89
SQL Injection
|
CVE-2015-4658
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274529
|
- |
|
mailbird
|
mailbird
|
Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2015-4657
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274530
|
- |
|
synology
|
photo_station
|
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php …
|
CWE-79
Cross-site Scripting
|
CVE-2015-4656
|
2024-11-21 11:31 |
2015-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
