• CVE-2015-2789
    on 30 marca 2015 at 00:00

    Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. (CVSS:4.4) (Last Update:2016-12-02)

  • CVE-2015-2790
    on 30 marca 2015 at 00:00

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. (CVSS:4.3) (Last Update:2016-12-02)

  • CVE-2015-2701
    on 25 marca 2015 at 00:00

    Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. (CVSS:6.8) (Last Update:2016-12-02)

  • CVE-2015-2678
    on 23 marca 2015 at 00:00

    Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. (CVSS:4.3) (Last Update:2016-12-02)

  • CVE-2015-2679
    on 23 marca 2015 at 00:00

    Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. (CVSS:7.5) (Last Update:2016-12-02)

  • CVE-2015-2680
    on 23 marca 2015 at 00:00

    Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. (CVSS:6.8) (Last Update:2016-12-02)

  • CVE-2015-2564
    on 20 marca 2015 at 00:00

    SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. (CVSS:6.5) (Last Update:2018-10-09)

  • CVE-2015-2275
    on 12 marca 2015 at 00:00

    Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. (CVSS:4.3) (Last Update:2018-10-09)

  • CVE-2015-2208
    on 12 marca 2015 at 00:00

    The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. (CVSS:7.5) (Last Update:2015-03-12)

  • CVE-2015-2182
    on 11 marca 2015 at 00:00

    Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322. (CVSS:4.3) (Last Update:2015-03-11)

  • CVE-2015-2183
    on 10 marca 2015 at 00:00

    Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. (CVSS:7.5) (Last Update:2015-07-28)

  • CVE-2015-2184
    on 10 marca 2015 at 00:00

    ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. (CVSS:5.0) (Last Update:2015-03-11)

  • CVE-2015-2218
    on 5 marca 2015 at 00:00

    Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (CVSS:4.3) (Last Update:2016-12-02)

  • CVE-2015-2216
    on 5 marca 2015 at 00:00

    SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. (CVSS:7.5) (Last Update:2016-12-02)

  • CVE-2015-2198
    on 3 marca 2015 at 00:00

    Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message. (CVSS:4.3) (Last Update:2015-03-04)

  • CVE-2015-2196
    on 3 marca 2015 at 00:00

    SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. (CVSS:7.5) (Last Update:2015-03-04)

  • CVE-2015-2199
    on 3 marca 2015 at 00:00

    Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (CVSS:6.5) (Last Update:2015-03-04)

  • CVE-2015-2102
    on 27 lutego 2015 at 00:00

    SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. (CVSS:7.5) (Last Update:2018-10-09)

  • CVE-2015-2090
    on 26 lutego 2015 at 00:00

    SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php. (CVSS:7.5) (Last Update:2016-11-29)

  • CVE-2015-2084
    on 25 lutego 2015 at 00:00

    Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php. (CVSS:6.8) (Last Update:2016-11-29)

  • CVE-2015-2067
    on 24 lutego 2015 at 00:00

    Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. (CVSS:5.0) (Last Update:2016-11-29)

  • CVE-2015-2068
    on 24 lutego 2015 at 00:00

    Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php. (CVSS:4.3) (Last Update:2016-11-29)

  • CVE-2015-2070
    on 24 lutego 2015 at 00:00

    SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. (CVSS:7.5) (Last Update:2016-11-29)

  • CVE-2015-2065
    on 24 lutego 2015 at 00:00

    SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php. (CVSS:7.5) (Last Update:2016-11-29)

  • CVE-2015-2071
    on 24 lutego 2015 at 00:00

    Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter. (CVSS:4.0) (Last Update:2016-11-29)

  • CVE-2015-2055
    on 23 lutego 2015 at 00:00

    Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. (CVSS:7.8) (Last Update:2016-11-29)

  • CVE-2015-1587
    on 19 lutego 2015 at 00:00

    Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. (CVSS:7.5) (Last Update:2015-02-20)

  • CVE-2015-1575
    on 11 lutego 2015 at 00:00

    Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php. (CVSS:4.3) (Last Update:2015-02-12)

  • CVE-2015-1577
    on 11 lutego 2015 at 00:00

    Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. (CVSS:6.4) (Last Update:2015-02-12)

  • CVE-2015-1579
    on 11 lutego 2015 at 00:00

    Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. (CVSS:5.0) (Last Update:2017-07-17)

Utrzymujemy Państwa dane w tajemnicy. Więcej informacji można znaleźć w naszej Polityce Prywatności.