Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27910 of 28407

CVE-2015-5469

Posted by Cyberthreat Blog | May 22, 2017 | CVE Notifications |

Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.

CVE-2015-4046

Posted by Cyberthreat Blog | May 22, 2017 | CVE Notifications |

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.

CVE-2015-5609

Posted by Cyberthreat Blog | May 22, 2017 | CVE Notifications |

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

CVE-2015-5381

Posted by Cyberthreat Blog | May 22, 2017 | CVE Notifications |

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

CVE-2015-5682

Posted by Cyberthreat Blog | May 22, 2017 | CVE Notifications |

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.

Author: Cyberthreat Blog

CVE-2015-5469

CVE-2015-4046

CVE-2015-5609

CVE-2015-5381

CVE-2015-5682