| 271051 | 10.0 | CRITICAL | Network | mailenable | mailenable | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | CWE-611: XXE | CVE-2015-9280 | 2024-11-21 11:40 | 2019-01-17 |
| 271052 | 6.1 | MEDIUM | Network | mailenable | mailenable | MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | CWE-79: Cross-site Scripting | CVE-2015-9279 | 2024-11-21 11:40 | 2019-01-17 |
| 271053 | 9.8 | CRITICAL | Network | mailenable | mailenable | MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | CWE-255: Credentials Management | CVE-2015-9278 | 2024-11-21 11:40 | 2019-01-17 |
| 271054 | 9.1 | CRITICAL | Network | mailenable | mailenable | MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | CWE-22: Path Traversal | CVE-2015-9277 | 2024-11-21 11:40 | 2019-01-17 |
| 271055 | 6.1 | MEDIUM | Network | smartertools | smartermail | SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker… | CWE-79: Cross-site Scripting | CVE-2015-9276 | 2024-11-21 11:40 | 2019-01-17 |
| 271056 | 5.3 | MEDIUM | Network | arc_project | arc | ARC 5.21q allows directory traversal via a full pathname in an archive file. | CWE-22: Path Traversal | CVE-2015-9275 | 2024-11-21 11:40 | 2019-01-8 |
| 271057 | 6.5 | MEDIUM | Network | harfbuzz_project | harfbuzz | HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-t… | CWE-125: Out-of-bounds Read | CVE-2015-9274 | 2024-11-21 11:40 | 2018-11-15 |
| 271058 | 6.1 | MEDIUM | Network | wp-slimstat | slimstat_analytics | The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. | CWE-79: Cross-site Scripting | CVE-2015-9273 | 2024-11-21 11:40 | 2018-10-8 |
| 271059 | 9.8 | CRITICAL | Network | videowhisper | video_presentation | The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four charact… | CWE-94: Code Injection | CVE-2015-9272 | 2024-11-21 11:40 | 2018-10-5 |
| 271060 | 9.8 | CRITICAL | Network | videowhisper | video_conference | The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are… | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2015-9271 | 2024-11-21 11:40 | 2018-10-5 |