|
280261
|
- |
|
piwigo
|
piwigo
|
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh ph…
|
CWE-89
SQL Injection
|
CVE-2015-1517
|
2024-11-21 11:25 |
2015-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280262
|
- |
|
image_metadata_cruncher_project
|
image_metadata_cruncher
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that …
|
CWE-352
Origin Validation Error
|
CVE-2015-1614
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280263
|
- |
|
adminsystems_cms_project
|
adminsystems_cms
|
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exten…
|
CWE-20
Improper Input Validation
|
CVE-2015-1604
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280264
|
- |
|
adminsystems_cms_project
|
adminsystems_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id pa…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1603
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280265
|
- |
|
debian
sixapart
|
debian_linux
movable_type
|
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and …
|
CWE-74
Injection
|
CVE-2015-1592
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280266
|
- |
|
maarch
|
letterbox
gec\/ged
|
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file w…
|
NVD-CWE-Other
|
CVE-2015-1587
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280267
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creat…
|
CWE-352
Origin Validation Error
|
CVE-2015-1585
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280268
|
- |
|
softsphere
|
defensewall_personal_firewall
|
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x002…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1515
|
2024-11-21 11:25 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280269
|
- |
|
isc
|
bind
|
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of servic…
|
CWE-399
Resource Management Errors
|
CVE-2015-1349
|
2024-11-21 11:25 |
2015-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280270
|
- |
|
siemens
|
wincc
|
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime f…
|
CWE-310
Cryptographic Issues
|
CVE-2015-1358
|
2024-11-21 11:25 |
2015-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
