
1284 matches found

UbuntuCve
added 2015/11/25 8:59 p.m. | 30 views

CVE-2015-5321

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

CVSS 5 | AI score 7.2 | EPSS 0.02064
Exploits: 0 | References: 2

UbuntuCve
added 2015/11/25 8:59 p.m. | 28 views

CVE-2015-5324

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

CVSS 5 | AI score 7.2 | EPSS 0.02064
Exploits: 0 | References: 2

Cvelist
added 2015/11/25 8:0 p.m. | 29 views

CVE-2015-5324

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

AI score 9.1 | EPSS 0.02064
Exploits: 0 | References: 3

Tenable Nessus
added 2015/11/24 12:0 a.m. | 54 views

Centreon 2.6.x < 2.6.2 File Upload RCE

According to its version number, the Centreon application hosted on the remote web server is 2.6.x prior to 2.6.2. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of user-uploaded files via the main.php script. An authenticated, remote attacker can...

AI score 6.4
Exploits: 0 | References: 2

CNVD
added 2015/10/09 12:0 a.m. | 5 views

h5ai arbitrary file upload vulnerability

h5ai is a file indexer for HTTP web servers developed by Lars Jung. An arbitrary file upload vulnerability exists in versions of h5ai prior to 0.25.0. A remote attacker can exploit this vulnerability by uploading an executable file and sending a direct...

CVSS 7.5 | AI score 7.6 | EPSS 0.09437
Exploits: 4 | References: 1

Prion
added 2015/09/28 4:59 p.m. | 25 views

Unrestricted file upload

Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href parameter...

CVSS 7.5 | AI score 8.2 | EPSS 0.09437
Exploits: 4 | References: 2 | Affected Software: 1

Cvelist
added 2015/09/28 4:0 p.m. | 19 views

CVE-2015-3203

Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href parameter...

AI score 7.6 | EPSS 0.09437
Exploits: 4 | References: 2

Prion
added 2015/09/16 2:59 p.m. | 16 views

Unrestricted file upload

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/myimage/image.php...

CVSS 6.5 | AI score 8.2 | EPSS 0.49308
Exploits: 2 | References: 4 | Affected Software: 1

CNVD
added 2015/09/10 12:0 a.m. | 3 views

Seagate and LaCie Multiple Wireless Storage Products Direct Request Vulnerabilities

Seagate is the world's largest manufacturer of hard drives, disks and read/write heads, headquartered in California. A direct request vulnerability exists in several Seagate and LaCie wireless storage products, which can be exploited by an attacker to download arbitrary files directly from the fi...

CVSS 7.8 | AI score 7 | EPSS 0.0317
Exploits: 0 | References: 1

Cvelist
added 2015/09/01 2:0 p.m. | 25 views

CVE-2015-6520

IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request...

AI score 6.3 | EPSS 0.02426
Exploits: 0 | References: 5

Debian CVE
added 2015/09/01 2:0 p.m. | 14 views

CVE-2015-6520

Removed by vendor...

CVSS 7.5 | AI score 6.7 | EPSS 0.02426
Exploits: 0

UbuntuCve
added 2015/08/19 12:0 a.m. | 31 views

CVE-2015-6520

IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request...

CVSS 7.5 | AI score 5.9 | EPSS 0.02426
Exploits: 0 | References: 3

Prion
added 2015/06/23 4:59 p.m. | 13 views

Authentication flaw

Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request...

CVSS 7.5 | AI score 6.7 | EPSS 0.01663
Exploits: 0 | References: 1

Prion
added 2015/06/16 4:59 p.m. | 9 views

Unrestricted file upload

Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension...

CVSS 7.5 | AI score 8.3 | EPSS 0.02673
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2015/06/16 4:59 p.m. | 10 views

Unrestricted file upload

Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to the file in the...

CVSS 7.5 | AI score 8.3 | EPSS 0.02288
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/06/16 4:0 p.m. | 20 views

CVE-2015-4606

Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension...

AI score 7.7 | EPSS 0.02673
Exploits: 0 | References: 3

Prion
added 2015/06/08 2:59 p.m. | 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/userphoto/...

CVSS 6.5 | AI score 8 | EPSS 0.49791
Exploits: 9 | References: 5 | Affected Software: 1

WPVulnDB
added 2015/05/27 12:0 a.m. | 12 views

ThemeMakers Themes - Information Disclosure

Multiple themes from ThemeMaker allow remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the /wp-content/uploads/tmmdbmigrate/wpusers.dat file...

CVSS 7.5 | AI score 7.4 | EPSS 0.03065
Exploits: 1 | References: 1

Patchstack
added 2015/05/15 12:0 a.m. | 9 views

WordPress Search N Save Plugin - Full Path Disclosure

This plugin is prone to a SearchNSave/errorlog direct request path disclosure. Solution: Upgrade the plugin...

AI score 1.8
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2015/05/12 7:59 p.m. | 11 views

Unrestricted file upload

Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...

CVSS 10 | AI score 8.1 | EPSS 0.13156
Exploits: 5 | References: 5 | Affected Software: 1