CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7360 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ser… | |||
| CVE-2015-8834 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored… | |||
| CVE-2015-5714 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during proces… | |||
| CVE-2015-8807 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Web… | |||
| CVE-2015-8606 | medium | 6.1 | 6.1 | 10y ago | Silverstripe CMS XSS Vulnerability | |||
| CVE-2015-8682 | medium | 6.1 | 6.1 | 10y ago | The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL… | |||
| CVE-2015-7520 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow re… | |||
| CVE-2015-5347 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.… | |||
| CVE-2015-3268 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to … | |||
| CVE-2015-0265 | medium | 6.1 | 6.1 | 10y ago | Apache Ranger Cross-site Scripting vulnerability | |||
| CVE-2015-5968 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-8524 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inj… | |||
| CVE-2015-7457 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted U… | |||
| CVE-2015-5337 | medium | 6.1 | 6.1 | 10y ago | Moodle XSS Vulnerability | |||
| CVE-2015-3275 | medium | 6.1 | 6.1 | 10y ago | Moodle multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2015-3274 | medium | 6.1 | 6.1 | 10y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2015-7798 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-7797 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-7796 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-7795 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-8797 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of Input During Web Page Generation in Apache Solr | |||
| CVE-2015-8796 | medium | 6.1 | 6.1 | 10y ago | Apache Solr Cross-site scripting Vulnerability | |||
| CVE-2015-8795 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of Input During Web Page Generation in Apache Solr | |||
| CVE-2015-8531 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a … | |||
| CVE-2015-7679 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. | |||
| CVE-2015-8793 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox pa… | |||
| CVE-2015-7439 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA… | |||
| CVE-2015-6337 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a … | |||
| CVE-2015-7579 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that i… | |||
| CVE-2015-7580 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web sc… | |||
| CVE-2015-7578 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag at… | |||
| CVE-2015-5008 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers … | |||
| CVE-2015-5002 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-4959 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-8685 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the ba… | |||
| CVE-2015-7565 | medium | 6.1 | 6.1 | 11y ago | ember-source Cross-site Scripting vulnerability | |||
| CVE-2015-6117 | medium | 6.1 | 6.1 | 11y ago | Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) a… | |||
| CVE-2015-7242 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM … | |||
| CVE-2015-4671 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. | |||
| CVE-2015-7706 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shar… | |||
| CVE-2015-8510 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary w… | |||
| CVE-2015-8766 | medium | 6.1 | 6.1 | 11y ago | Symphony CMS XSS Vulnerabilities | |||
| CVE-2015-8376 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter … | |||
| CVE-2015-8760 | medium | 6.1 | 6.1 | 11y ago | TYPO3 allows remote attackers to embed Flash videos from external domain | |||
| CVE-2015-8757 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… | |||
| CVE-2015-6434 | medium | 6.1 | 6.1 | 11y ago | Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted we… | |||
| CVE-2015-7431 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-6017 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2015-2918 | medium | 6.1 | 6.1 | 11y ago | OrientDB Studio web management interface is vulnerable to clickjacking attacks | |||
| CVE-2015-7790 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-7782 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-7786 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2015-7783 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-7927 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4998 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 a… | |||
| CVE-2015-4993 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 a… | |||
| CVE-2015-6359 | medium | — | 6.1 | 11y ago | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (m… | |||
| CVE-2015-9097 | medium | 6.1 | 6.1 | 11y ago | The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences imm… | |||
| CVE-2015-6546 | medium | — | 6.1 | 11y ago | The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebA… | |||
| CVE-2015-5156 | medium | — | 6.1 | 11y ago | The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a d… | |||
| CVE-2015-6311 | medium | — | 6.1 | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i manage… | |||
| CVE-2015-6307 | medium | — | 6.1 | 11y ago | Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu1… | |||
| CVE-2015-6294 | medium | — | 6.1 | 11y ago | Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID C… | |||
| CVE-2015-6277 | medium | — | 6.1 | 11y ago | The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and … | |||
| CVE-2015-4323 | medium | — | 6.1 | 11y ago | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus … | |||
| CVE-2015-4324 | medium | — | 6.1 | 11y ago | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexu… | |||
| CVE-2015-4243 | medium | — | 6.1 | 11y ago | The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Requ… | |||
| CVE-2015-4241 | medium | — | 6.1 | 11y ago | Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52… | |||
| CVE-2015-4239 | medium | — | 6.1 | 11y ago | Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local networ… | |||
| CVE-2015-4215 | medium | — | 6.1 | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwa… | |||
| CVE-2015-4197 | medium | — | 6.1 | 11y ago | Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. | |||
| CVE-2015-2340 | medium | — | 6.1 | 11y ago | TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode… | |||
| CVE-2015-2339 | medium | — | 6.1 | 11y ago | TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mod… | |||
| CVE-2015-2338 | medium | — | 6.1 | 11y ago | TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mod… | |||
| CVE-2015-0756 | medium | — | 6.1 | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka B… | |||
| CVE-2015-0723 | medium | — | 6.1 | 11y ago | The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device … | |||
| CVE-2015-0731 | medium | — | 6.1 | 11y ago | The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. | |||
| CVE-2015-0710 | medium | — | 6.1 | 11y ago | The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversi… | |||
| CVE-2015-0708 | medium | — | 6.1 | 11y ago | Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local … | |||
| CVE-2015-1866 | medium | 6.1 | 6.1 | 11y ago | ember-source vulnerable to Cross-site Scripting | |||
| CVE-2015-0679 | medium | — | 6.1 | 11y ago | The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed pass… | |||
| CVE-2015-0006 | medium | — | 6.1 | 12y ago | The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 201… | |||
| CVE-2015-7549 | medium | 6.0 | 6.0 | 9y ago | The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveragin… | |||
| CVE-2015-8551 | medium | 6.0 | 6.0 | 10y ago | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of se… | |||
| CVE-2015-5242 | medium | — | 6.0 | 11y ago | OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a cra… | |||
| CVE-2015-7254 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. | |||
| CVE-2015-5285 | medium | — | 6.0 | 11y ago | CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. | |||
| CVE-2015-7902 | medium | — | 6.0 | 11y ago | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to … | |||
| CVE-2015-4887 | medium | — | 6.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unk… | |||
| CVE-2015-4964 | medium | — | 6.0 | 11y ago | IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by… | |||
| CVE-2015-2026 | medium | — | 6.0 | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrar… | |||
| CVE-2015-6943 | medium | — | 6.0 | 11y ago | SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allow… | |||
| CVE-2015-6830 | medium | — | 6.0 | 11y ago | phpMyAdmin ReCaptcha bypass | |||
| CVE-2015-6908 | medium | — | 6.0 | 11y ago | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER dat… | |||
| CVE-2015-5412 | medium | — | 6.0 | 11y ago | Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via … | |||
| CVE-2015-5408 | medium | — | 6.0 | 11y ago | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1… | |||
| CVE-2015-5407 | medium | — | 6.0 | 11y ago | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1… | |||
| CVE-2015-1830 | medium | — | 6.0 | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ | |||
| CVE-2015-5509 | medium | — | 6.0 | 11y ago | The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators… | |||
| CVE-2015-6512 | medium | — | 6.0 | 11y ago | SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to se… |