|
273541
|
5.9 |
MEDIUM
Network
|
elasticsearch
elastic
|
logstash
|
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obt…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-5619
|
2024-11-21 11:33 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273542
|
6.1 |
MEDIUM
Network
|
zenphoto
|
zenphoto
|
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5594
|
2024-11-21 11:33 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273543
|
9.8 |
CRITICAL
Network
|
samsung
|
syncthru_6
|
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addD…
|
CWE-22
Path Traversal
|
CVE-2015-5473
|
2024-11-21 11:33 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273544
|
7.5 |
HIGH
Network
|
powerplay_gallery_project
|
powerplay_gallery
|
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5682
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273545
|
9.1 |
CRITICAL
Network
|
image-export_project
|
image-export
|
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.
|
CWE-22
Path Traversal
|
CVE-2015-5609
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273546
|
7.5 |
HIGH
Network
|
mdc_youtube_downloader_project
|
mdc_youtube_downloader
|
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/do…
|
CWE-22
Path Traversal
|
CVE-2015-5469
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273547
|
7.5 |
HIGH
Network
|
wpshopstyling
|
wp_e-commerce_shop_styling
|
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to inc…
|
CWE-22
Path Traversal
|
CVE-2015-5468
|
2024-11-21 11:33 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273548
|
7.5 |
HIGH
Network
|
hp
|
integrated_lights-out_firmware
|
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotel…
|
NVD-CWE-noinfo
|
CVE-2015-5436
|
2024-11-21 11:33 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273549
|
9.8 |
CRITICAL
Network
|
samsung
|
nt14u_firmware
x14j_firmware
x14h_firmware
x12_firmware
x10p_firmware
m288ofw_firmware
|
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2015-5729
|
2024-11-21 11:33 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273550
|
5.5 |
MEDIUM
Local
|
freebsd
|
freebsd
|
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.
|
CWE-200
Information Exposure
|
CVE-2015-5677
|
2024-11-21 11:33 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
