|
280131
|
9.8 |
CRITICAL
Network
|
connx
|
esp_hr_management
|
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
|
CWE-89
SQL Injection
|
CVE-2015-4043
|
2024-11-21 11:30 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280132
|
8.8 |
HIGH
Network
|
vestacp
|
control_panel
|
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
|
CWE-78
OS Command
|
CVE-2015-4117
|
2024-11-21 11:30 |
2018-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280133
|
6.1 |
MEDIUM
Network
|
bonitasoft
|
bonita_bpm_portal
|
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirec…
|
CWE-601
Open Redirect
|
CVE-2015-3898
|
2024-11-21 11:30 |
2018-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280134
|
8.8 |
HIGH
Network
|
codestyling_localization_project
|
codestyling_localization
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress.
|
CWE-352
Origin Validation Error
|
CVE-2015-4179
|
2024-11-21 11:30 |
2018-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280135
|
7.5 |
HIGH
Network
|
jolla
|
sailfish_os
|
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.
|
CWE-284
Improper Access Control
|
CVE-2015-3888
|
2024-11-21 11:30 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280136
|
6.8 |
MEDIUM
Network
|
puppet
|
puppet_enterprise
|
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Author…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-4100
|
2024-11-21 11:30 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280137
|
9.8 |
CRITICAL
Network
|
fiyo
|
fiyo_cms
|
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa…
|
CWE-89
SQL Injection
|
CVE-2015-3934
|
2024-11-21 11:30 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280138
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) …
|
CWE-89
SQL Injection
|
CVE-2015-3933
|
2024-11-21 11:30 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280139
|
7.8 |
HIGH
Local
|
proxychains-ng_project
|
proxychains-ng
|
Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referen…
|
CWE-426
Untrusted Search Path
|
CVE-2015-3887
|
2024-11-21 11:30 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280140
|
7.5 |
HIGH
Network
|
litespeedtech
|
openlitespeed
|
Use-after-free vulnerability in Open Litespeed before 1.3.10.
|
CWE-416
Use After Free
|
CVE-2015-3890
|
2024-11-21 11:30 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
