|
276891
|
- |
|
ferretcms_project
|
ferretcms
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cr…
|
CWE-352
Origin Validation Error
|
CVE-2015-1374
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276892
|
- |
|
ferretcms_project
|
ferretcms
|
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search reques…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1373
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276893
|
- |
|
ferretcms_project
|
ferretcms
|
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
|
CWE-89
SQL Injection
|
CVE-2015-1372
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276894
|
- |
|
ferretcms_project
|
ferretcms
|
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct…
|
CWE-20
Improper Input Validation
|
CVE-2015-1371
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276895
|
- |
|
marked_project
|
marked
|
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.
|
NVD-CWE-Other
|
CVE-2015-1370
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276896
|
- |
|
sequelize_project
|
sequelize
|
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1369
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276897
|
- |
|
ansible
|
tower
|
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1368
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276898
|
- |
|
catbot_project
|
catbot
|
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.
|
CWE-89
SQL Injection
|
CVE-2015-1367
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276899
|
- |
|
pixabay_images_project
|
pixabay_images
|
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user …
|
CWE-79
Cross-site Scripting
|
CVE-2015-1366
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276900
|
- |
|
pixabay_images_project
|
pixabay_images
|
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
|
CWE-22
Path Traversal
|
CVE-2015-1365
|
2024-11-21 11:25 |
2015-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
