|
276471
|
- |
|
entity_api_project
|
entity_api
|
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2197
|
2024-11-21 11:26 |
2015-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276472
|
- |
|
web-dorado
|
spider_calendar
|
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-a…
|
CWE-89
SQL Injection
|
CVE-2015-2196
|
2024-11-21 11:26 |
2015-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276473
|
- |
|
wp_media_cleaner_project
|
wp_media_cleaner
|
Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2195
|
2024-11-21 11:26 |
2015-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276474
|
- |
|
digitalnature
|
fusion
|
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a…
|
NVD-CWE-Other
|
CVE-2015-2194
|
2024-11-21 11:26 |
2015-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276475
|
- |
|
cosmoshop
|
cosmoshop
|
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2103
|
2024-11-21 11:26 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276476
|
- |
|
clip-bucket
|
clipbucket
|
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
|
CWE-89
SQL Injection
|
CVE-2015-2102
|
2024-11-21 11:26 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276477
|
- |
|
impliedbydesign
|
navigate
|
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2101
|
2024-11-21 11:26 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276478
|
- |
|
sap
|
businessobjects_edge
|
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
|
CWE-200
Information Exposure
|
CVE-2015-2076
|
2024-11-21 11:26 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276479
|
- |
|
sap
|
businessobjects_edge
|
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2075
|
2024-11-21 11:26 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276480
|
- |
|
sap
|
hana
|
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2015-2072
|
2024-11-21 11:26 |
2015-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
