|
276011
|
9.6 |
CRITICAL
Network
|
cbads
|
clickbank_affiliate_ads
|
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due …
|
-
|
CVE-2015-20105
|
2024-11-21 11:26 |
2021-12-3 |
|
|
|
|
276012
|
7.5 |
HIGH
Network
|
wp_attachment_export_project
|
wp_attachment_export
|
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on…
|
-
|
CVE-2015-20067
|
2024-11-21 11:26 |
2021-11-1 |
|
|
|
|
276013
|
5.4 |
MEDIUM
Network
|
content_text_slider_on_post_project
|
content_text_slider_on_post
|
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues.
|
-
|
CVE-2015-20019
|
2024-11-21 11:26 |
2021-11-1 |
|
|
|
|
276014
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_edge
|
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
|
CWE-22
Path Traversal
|
CVE-2015-2074
|
2024-11-21 11:26 |
2021-08-10 |
|
|
|
|
276015
|
7.5 |
HIGH
Network
|
sap
|
businessobjects_edge
|
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
|
CWE-22
Path Traversal
|
CVE-2015-2073
|
2024-11-21 11:26 |
2021-08-10 |
|
|
|
|
276016
|
8.8 |
HIGH
Network
|
webgate
|
edvr_manager control_center
|
Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 fu…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-2100
|
2024-11-21 11:26 |
2021-07-23 |
|
|
|
|
276017
|
8.8 |
HIGH
Network
|
webgateinc
|
control_center
|
Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-2099
|
2024-11-21 11:26 |
2021-07-23 |
|
|
|
|
276018
|
8.8 |
HIGH
Network
|
webgateinc
|
edvr_manager
|
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-2098
|
2024-11-21 11:26 |
2021-07-23 |
|
|
|
|
276019
|
8.8 |
HIGH
Network
|
freedesktop debian
|
xdg-utils debian_linux
|
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands…
|
CWE-77
Command Injection
|
CVE-2015-1877
|
2024-11-21 11:26 |
2021-06-3 |
|
|
|
|
276020
|
7.5 |
HIGH
Network
|
rust-lang
|
rust
|
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-20001
|
2024-11-21 11:26 |
2021-04-12 |
|
|
|