Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-18 | CVE-2015-5487 | Cross-site Scripting vulnerability in Techsmith Camtasia Relay Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. | 4.3 |
2015-08-18 | CVE-2015-5482 | Path Traversal vulnerability in Dev4Press GD Bbpress Attachments Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. | 4.0 |
2015-08-18 | CVE-2015-5481 | Cross-site Scripting vulnerability in Dev4Press GD Bbpress Attachments Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | 4.3 |
2015-08-18 | CVE-2015-4670 | Path Traversal vulnerability in Devexpress Ajax Control Toolkit 15.0 Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. | 6.4 |
2015-08-18 | CVE-2015-4426 | SQL Injection vulnerability in Pimcore SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | 7.5 |
2015-08-18 | CVE-2015-4425 | Path Traversal vulnerability in Pimcore Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. | 4.9 |
2015-08-18 | CVE-2015-6516 | SQL Injection vulnerability in Cygnux Syspass SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | 6.5 |
2015-08-18 | CVE-2015-6515 | Cross-site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. | 4.3 |
2015-08-18 | CVE-2015-6514 | Cross-site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-08-18 | CVE-2015-6513 | SQL Injection vulnerability in J2Store Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. | 7.5 |