|
276471
|
4.8 |
MEDIUM
Network
|
cbads
|
clickbank_affiliate_ads
|
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallow…
|
-
|
CVE-2015-20106
|
2024-11-21 11:26 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276472
|
9.6 |
CRITICAL
Network
|
cbads
|
clickbank_affiliate_ads
|
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due …
|
-
|
CVE-2015-20105
|
2024-11-21 11:26 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276473
|
7.5 |
HIGH
Network
|
wp_attachment_export_project
|
wp_attachment_export
|
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on…
|
-
|
CVE-2015-20067
|
2024-11-21 11:26 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276474
|
5.4 |
MEDIUM
Network
|
content_text_slider_on_post_project
|
content_text_slider_on_post
|
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues
|
-
|
CVE-2015-20019
|
2024-11-21 11:26 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276475
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_edge
|
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
|
CWE-22
Path Traversal
|
CVE-2015-2074
|
2024-11-21 11:26 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276476
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_edge
|
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
|
CWE-22
Path Traversal
|
CVE-2015-2073
|
2024-11-21 11:26 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276477
|
8.8 |
HIGH
Network
|
webgate
|
edvr_manager
control_center
|
Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 fu…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-2100
|
2024-11-21 11:26 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276478
|
8.8 |
HIGH
Network
|
webgateinc
|
control_center
|
Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-2099
|
2024-11-21 11:26 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276479
|
8.8 |
HIGH
Network
|
webgateinc
|
edvr_manager
|
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-2098
|
2024-11-21 11:26 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276480
|
8.8 |
HIGH
Network
|
freedesktop
debian
|
xdg-utils
debian_linux
|
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands…
|
CWE-77
Command Injection
|
CVE-2015-1877
|
2024-11-21 11:26 |
2021-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
