{"vulnerability": "cve-2015-1000", "sightings": [{"uuid": "14240360-1d86-4fb0-b827-a021119b13f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10007", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11422", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2015-10007\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\ud83d\udccf Published: 2023-01-02T10:32:12.484Z\n\ud83d\udccf Modified: 2025-04-11T13:42:00.372Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.217184\n2. https://vuldb.com/?ctiid.217184\n3. https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "creation_timestamp": "2025-04-11T13:51:14.000000Z"}, {"uuid": "ba669171-09ec-4a2b-aec8-0bb74eb3db43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-1000013", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lsjzkche4y2e", "content": "", "creation_timestamp": "2025-06-26T21:02:21.118836Z"}, {"uuid": "69dd18ac-12b3-4a58-979f-a03c442bfe08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10008", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11354", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2015-10008\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The identifier of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\ud83d\udccf Published: 2023-01-02T10:33:17.872Z\n\ud83d\udccf Modified: 2025-04-10T20:29:04.081Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.217185\n2. https://vuldb.com/?ctiid.217185\n3. https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4", "creation_timestamp": "2025-04-10T20:49:58.000000Z"}, {"uuid": "49d9fbc0-6b69-4475-8cd9-83569384279d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10002", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11825", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2015-10002\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component.\n\ud83d\udccf Published: 2022-03-28T18:00:15.000Z\n\ud83d\udccf Modified: 2025-04-15T14:45:44.559Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.118359", "creation_timestamp": "2025-04-15T14:55:05.000000Z"}, {"uuid": "7b4494df-dccb-498d-b852-4da6b13ddb58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10003", "type": "seen", "source": "https://t.me/cibsecurity/46381", "content": "\u203c CVE-2015-10003 \u203c\n\nA vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-17T12:27:31.000000Z"}, {"uuid": "6a1ffd9f-c7a5-4af3-bfab-300d34ce45a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10006", "type": "seen", "source": "https://t.me/cibsecurity/55726", "content": "\u203c CVE-2015-10006 \u203c\n\nA vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T20:15:44.000000Z"}, {"uuid": "c1665944-e9f1-4299-94c6-886b3add6c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10009", "type": "seen", "source": "https://t.me/cibsecurity/55740", "content": "\u203c CVE-2015-10009 \u203c\n\nA vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-02T18:30:25.000000Z"}, {"uuid": "f94d4f06-2499-4fd4-b787-ed7f56a1c58a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10007", "type": "seen", "source": "https://t.me/cibsecurity/55737", "content": "\u203c CVE-2015-10007 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-02T14:30:51.000000Z"}, {"uuid": "ae264ea8-1a8f-450d-9d51-5fe0cbe7dbd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10008", "type": "seen", "source": "https://t.me/cibsecurity/55736", "content": "\u203c CVE-2015-10008 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-02T14:30:50.000000Z"}, {"uuid": "c677e15b-8618-4acc-be67-69b93f3b1b0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-10004", "type": "seen", "source": "https://t.me/cibsecurity/55456", "content": "\u203c CVE-2015-10004 \u203c\n\nToken validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T00:12:11.000000Z"}]}