CVEs from 2015
- Total: 7,266
- critical: 1,306
- high: 1,666
- medium: 3,617
- low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8729 | medium | 5.5 | 6.5 | 11y ago | The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a da… | |||
| CVE-2015-8728 | medium | 5.5 | 6.5 | 11y ago | The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.… | |||
| CVE-2015-8727 | medium | 5.5 | 6.5 | 11y ago | The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which all… | |||
| CVE-2015-8726 | medium | 5.5 | 6.5 | 11y ago | wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote… | |||
| CVE-2015-8725 | medium | 5.5 | 6.5 | 11y ago | The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv… | |||
| CVE-2015-8724 | medium | 5.5 | 6.5 | 11y ago | The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, whi… | |||
| CVE-2015-8723 | medium | 5.5 | 6.5 | 11y ago | The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total lengt… | |||
| CVE-2015-7422 | medium | 5.5 | 6.5 | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2015-7456 | medium | 6.5 | 6.5 | 11y ago | IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | |||
| CVE-2015-6004 | medium | 6.5 | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.a… | |||
| CVE-2015-6431 | medium | 6.5 | 6.5 | 11y ago | Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | |||
| CVE-2015-8377 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serializ… | |||
| CVE-2015-6361 | medium | — | 6.5 | 11y ago | The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw8617… | |||
| CVE-2015-6417 | medium | — | 6.5 | 11y ago | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databa… | |||
| CVE-2015-6395 | medium | — | 6.5 | 11y ago | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID C… | |||
| CVE-2015-5323 | medium | — | 6.5 | 11y ago | Jenkins allows Administrators to Access API Tokens | |||
| CVE-2015-6380 | medium | — | 6.5 | 11y ago | An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via c… | |||
| CVE-2015-7773 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an … | |||
| CVE-2015-7712 | medium | — | 6.5 | 11y ago | Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary… | |||
| CVE-2015-7774 | medium | — | 6.5 | 11y ago | PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |||
| CVE-2015-4966 | medium | — | 6.5 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFI… | |||
| CVE-2015-1989 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-6316 | medium | — | 6.5 | 11y ago | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by … | |||
| CVE-2015-5673 | medium | — | 6.5 | 11y ago | eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an … | |||
| CVE-2015-3270 | medium | — | 6.5 | 11y ago | Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | |||
| CVE-2015-6350 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | |||
| CVE-2015-6345 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug… | |||
| CVE-2015-5669 | medium | — | 6.5 | 11y ago | Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. | |||
| CVE-2015-6486 | medium | — | 6.5 | 11y ago | SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via u… | |||
| CVE-2015-4900 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and av… | |||
| CVE-2015-4888 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |||
| CVE-2015-7682 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1… | |||
| CVE-2015-1806 | medium | — | 6.5 | 11y ago | Jenkins allows for Privilege Escalation by Remote Authenticated Users | |||
| CVE-2015-7729 | medium | — | 6.5 | 11y ago | Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via uns… | |||
| CVE-2015-7727 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via un… | |||
| CVE-2015-7725 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remo… | |||
| CVE-2015-6331 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID… | |||
| CVE-2015-6329 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |||
| CVE-2015-5659 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5648 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5645 | medium | — | 6.5 | 11y ago | ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | |||
| CVE-2015-5642 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5641 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5640 | medium | — | 6.5 | 11y ago | baserCMS Access Control Bypass | |||
| CVE-2015-4967 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 a… | |||
| CVE-2015-5703 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4542 | medium | — | 6.5 | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | |||
| CVE-2015-7310 | medium | — | 6.5 | 11y ago | McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before … | |||
| CVE-2015-6299 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug… | |||
| CVE-2015-5274 | medium | — | 6.5 | 11y ago | rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. | |||
| CVE-2015-6968 | medium | — | 6.5 | 11y ago | Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbi… | |||
| CVE-2015-6743 | medium | — | 6.5 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge … | |||
| CVE-2015-6742 | medium | — | 6.5 | 11y ago | Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge… | |||
| CVE-2015-5431 | medium | — | 6.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2015-5405 | medium | — | 6.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify da… | |||
| CVE-2015-2140 | medium | — | 6.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify … | |||
| CVE-2015-5410 | medium | — | 6.5 | 11y ago | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. | |||
| CVE-2015-3238 | medium | 6.5 | 6.5 | 11y ago | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial … | |||
| CVE-2015-4329 | medium | — | 6.5 | 11y ago | The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID … | |||
| CVE-2015-4303 | medium | — | 6.5 | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parame… | |||
| CVE-2015-4298 | medium | — | 6.5 | 11y ago | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors,… | |||
| CVE-2015-2058 | medium | — | 6.5 | 11y ago | c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other u… | |||
| CVE-2015-1487 | medium | — | 6.5 | 11y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator pri… | |||
| CVE-2015-4276 | medium | — | 6.5 | 11y ago | Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | |||
| CVE-2015-2617 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. | |||
| CVE-2015-2595 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unk… | |||
| CVE-2015-1761 | medium | — | 6.5 | 11y ago | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain pr… | |||
| CVE-2015-5459 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary… | |||
| CVE-2015-4129 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. | |||
| CVE-2015-4524 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18… | |||
| CVE-2015-4233 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. | |||
| CVE-2015-5149 | medium | — | 6.5 | 11y ago | Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Reque… | |||
| CVE-2015-0126 | medium | — | 6.5 | 11y ago | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users … | |||
| CVE-2015-1974 | medium | — | 6.5 | 11y ago | The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows … | |||
| CVE-2015-5078 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the close… | |||
| CVE-2015-4222 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug… | |||
| CVE-2015-4713 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||
| CVE-2015-4676 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action. | |||
| CVE-2015-4628 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands vi… | |||
| CVE-2015-4338 | medium | — | 6.5 | 11y ago | Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field… | |||
| CVE-2015-4336 | medium | — | 6.5 | 11y ago | cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrat… | |||
| CVE-2015-4613 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4612 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vec… | |||
| CVE-2015-4611 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4610 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4609 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-2952 | medium | — | 6.5 | 11y ago | The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and… | |||
| CVE-2015-3993 | medium | — | 6.5 | 11y ago | Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | |||
| CVE-2015-0768 | medium | — | 6.5 | 11y ago | The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated u… | |||
| CVE-2015-1945 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privilege… | |||
| CVE-2015-1392 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1013 | medium | — | 6.5 | 11y ago | OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended comm… | |||
| CVE-2015-1008 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. | |||
| CVE-2015-0540 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via un… | |||
| CVE-2015-0161 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands v… | |||
| CVE-2015-0750 | medium | — | 6.5 | 11y ago | The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fiel… | |||
| CVE-2015-0916 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CV… | |||
| CVE-2015-0715 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspe… | |||
| CVE-2015-0912 | medium | — | 6.5 | 11y ago | EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. | |||
| CVE-2015-3458 | medium | — | 6.5 | 11y ago | The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a templat… |