|
211481
|
9.8 |
CRITICAL
Network
|
skyboxsecurity
|
skybox_platform
|
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/ser…
|
CWE-20
Improper Input Validation
|
CVE-2015-9246
|
2024-11-21 11:40 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211482
|
9.8 |
CRITICAL
Network
|
progress
|
openedge
|
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via…
|
CWE-284
Improper Access Control
|
CVE-2015-9245
|
2024-11-21 11:40 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211483
|
7.2 |
HIGH
Network
|
cfpaypal
|
cp_contact_form_with_paypal
|
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
|
CWE-89
SQL Injection
|
CVE-2015-9234
|
2024-11-21 11:40 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211484
|
8.8 |
HIGH
Network
|
codepeople
|
cp_contact_form_with_paypal
|
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in…
|
CWE-352
Origin Validation Error
|
CVE-2015-9233
|
2024-11-21 11:40 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211485
|
5.3 |
MEDIUM
Network
|
good
|
good_for_enterprise
|
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does no…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-9232
|
2024-11-21 11:40 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211486
|
7.5 |
HIGH
Network
|
iterm2
|
iterm2
|
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.2015…
|
CWE-200
Information Exposure
|
CVE-2015-9231
|
2024-11-21 11:40 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211487
|
4.8 |
MEDIUM
Network
|
ait-pro
|
bulletproof_security
|
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9230
|
2024-11-21 11:40 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211488
|
4.8 |
MEDIUM
Network
|
imagely
|
nextgen_gallery
|
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9229
|
2024-11-21 11:40 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211489
|
8.8 |
HIGH
Network
|
imagely
|
nextgen_gallery
|
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-9228
|
2024-11-21 11:40 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211490
|
7.2 |
HIGH
Network
|
alegrocart
|
alegrocart
|
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL i…
|
CWE-94
Code Injection
|
CVE-2015-9227
|
2024-11-21 11:40 |
2017-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
