|
280871
|
5.5 |
MEDIUM
Local
|
gnu
|
glibc
|
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstra…
|
CWE-120
Classic Buffer Overflow
|
CVE-2015-20109
|
2024-11-21 11:26 |
2023-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280872
|
9.8 |
CRITICAL
Network
|
onelogin
|
ruby-saml
|
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
|
CWE-77
Command Injection
|
CVE-2015-20108
|
2024-11-21 11:26 |
2023-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280873
|
5.5 |
MEDIUM
Local
|
ibm
suse
redhat
|
java_sdk
linux_enterprise_server
linux_enterprise_software_development_kit
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
satellite
enterprise_linu…
|
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pl…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2015-1931
|
2024-11-21 11:26 |
2022-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280874
|
6.5 |
MEDIUM
Network
|
imagely
|
nextgen_gallery
|
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the applicati…
|
CWE-352
Origin Validation Error
|
CVE-2015-1785
|
2024-11-21 11:26 |
2022-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280875
|
8.8 |
HIGH
Network
|
imagely
|
nextgen_gallery
|
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the applicati…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-1784
|
2024-11-21 11:26 |
2022-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280876
|
7.6 |
HIGH
Network
|
python
netapp
fedoraproject
|
python
snapcenter
ontap_select_deploy_administration_utility
active_iq_unified_manager
fedora
|
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into app…
|
CWE-77
Command Injection
|
CVE-2015-20107
|
2024-11-21 11:26 |
2022-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280877
|
4.8 |
MEDIUM
Network
|
cbads
|
clickbank_affiliate_ads
|
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallow…
|
-
|
CVE-2015-20106
|
2024-11-21 11:26 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280878
|
9.6 |
CRITICAL
Network
|
cbads
|
clickbank_affiliate_ads
|
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due …
|
-
|
CVE-2015-20105
|
2024-11-21 11:26 |
2021-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280879
|
7.5 |
HIGH
Network
|
wp_attachment_export_project
|
wp_attachment_export
|
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on…
|
-
|
CVE-2015-20067
|
2024-11-21 11:26 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280880
|
5.4 |
MEDIUM
Network
|
content_text_slider_on_post_project
|
content_text_slider_on_post
|
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues
|
-
|
CVE-2015-20019
|
2024-11-21 11:26 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
