CVE-2015-4351
https://notcve.org/view.php?id=CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
• References: http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72817 https://www.drupal.org/node/2437981
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-4350
https://notcve.org/view.php?id=CVE-2015-4350
Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.
• References: http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72798 https://www.drupal.org/node/2437977
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-4352
https://notcve.org/view.php?id=CVE-2015-4352
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.
• References: http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72817 https://www.drupal.org/node/2437981
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-2562 – Joomla! Component ECommerce-WD 1.2.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-2562
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
• References: https://www.exploit-db.com/exploits/36439 http://packetstormsecurity.com/files/130896/Joomla-ECommerce-WD-1.2.5-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Mar/123 http://www.securityfocus.com/bid/73285
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-2196 – SpiderCalendar <= 1.4.9 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-2196
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
• References: https://www.exploit-db.com/exploits/36061
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')