|
271131
|
8.8 |
HIGH
Network
|
codepeople
|
cp_contact_form_with_paypal
|
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in…
|
CWE-352
Origin Validation Error
|
CVE-2015-9233
|
2024-11-21 11:40 |
2017-09-30 |
|
271132
|
5.3 |
MEDIUM
Network
|
good
|
good_for_enterprise
|
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does no…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-9232
|
2024-11-21 11:40 |
2017-09-21 |
|
271133
|
7.5 |
HIGH
Network
|
iterm2
|
iterm2
|
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.2015…
|
CWE-200
Information Exposure
|
CVE-2015-9231
|
2024-11-21 11:40 |
2017-09-21 |
|
271134
|
4.8 |
MEDIUM
Network
|
ait-pro
|
bulletproof_security
|
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9230
|
2024-11-21 11:40 |
2017-09-13 |
|
271135
|
4.8 |
MEDIUM
Network
|
imagely
|
nextgen_gallery
|
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9229
|
2024-11-21 11:40 |
2017-09-13 |
|
271136
|
8.8 |
HIGH
Network
|
imagely
|
nextgen_gallery
|
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-9228
|
2024-11-21 11:40 |
2017-09-12 |
|
271137
|
7.2 |
HIGH
Network
|
alegrocart
|
alegrocart
|
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL i…
|
CWE-94
Code Injection
|
CVE-2015-9227
|
2024-11-21 11:40 |
2017-09-12 |
|
271138
|
7.2 |
HIGH
Network
|
alegrocart
|
alegrocart
|
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_fi…
|
CWE-89
SQL Injection
|
CVE-2015-9226
|
2024-11-21 11:40 |
2017-09-12 |
|
271139
|
7.8 |
HIGH
Local
|
microsoft
|
windows_rt_8.1 windows_server_2012 windows_7 windows_10 windows_server_2016 windows_8.1 windows_server_2008 windows_vista
|
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-0026
|
2024-11-21 11:40 |
2016-11-10 |
|
271140
|
5.5 |
MEDIUM
Local
|
microsoft
|
outlook_web_access
|
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements…
|
CWE-200
Information Exposure
|
CVE-2016-0028
|
2024-11-21 11:40 |
2016-06-16 |
|