|
275161
|
6.1 |
MEDIUM
Network
|
nagios
|
business_process_intelligence
|
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3618
|
2024-11-21 11:29 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275162
|
7.5 |
HIGH
Network
|
thecartpress
|
thecartpress_ecommerce_shopping_cart
|
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by …
|
CWE-284
Improper Access Control
|
CVE-2015-3302
|
2024-11-21 11:29 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275163
|
8.1 |
HIGH
Network
|
phpmybackuppro
|
phpmybackuppro
|
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.
|
CWE-89
SQL Injection
|
CVE-2015-3637
|
2024-11-21 11:29 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275164
|
4.3 |
MEDIUM
Network
|
zfsonlinux
|
zfs
|
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obta…
|
CWE-200
Information Exposure
|
CVE-2015-3400
|
2024-11-21 11:29 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275165
|
6.7 |
MEDIUM
Local
|
lenovo
|
fingerprint_manager
|
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3321
|
2024-11-21 11:29 |
2017-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275166
|
7.8 |
HIGH
Local
|
usb-creator_project
|
usb-creator
|
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3643
|
2024-11-21 11:29 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275167
|
6.1 |
MEDIUM
Network
|
nodebb
|
nodebb
|
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3296
|
2024-11-21 11:29 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275168
|
6.1 |
MEDIUM
Network
|
pydio
|
pydio
|
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS V…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3432
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275169
|
9.8 |
CRITICAL
Network
|
pydio
|
pydio
|
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
|
CWE-78
OS Command
|
CVE-2015-3431
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275170
|
5.9 |
MEDIUM
Network
|
dovecot
fedoraproject
|
dovecot
fedora
|
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-3420
|
2024-11-21 11:29 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
