CVEs from 2015

Total: 7,262
- critical: 1,306
- high: 1,666
- medium: 3,617
- low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%

Top vendors

Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8766 | medium | 6.1 | 6.1 | | | | 11y ago | Symphony CMS XSS Vulnerabilities |
| CVE-2015-8376 | medium | 6.1 | 6.1 | | | | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter … |
| CVE-2015-8760 | medium | 6.1 | 6.1 | | | | 11y ago | TYPO3 allows remote attackers to embed Flash videos from external domain |
| CVE-2015-8757 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… |
| CVE-2015-6434 | medium | 6.1 | 6.1 | | | | 11y ago | Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted we… |
| CVE-2015-7431 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-6017 | medium | 6.1 | 6.1 | | | | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via t… |
| CVE-2015-2918 | medium | 6.1 | 6.1 | | | | 11y ago | OrientDB Studio web management interface is vulnerable to clickjacking attacks |
| CVE-2015-7790 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-7782 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-7786 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web scrip… |
| CVE-2015-7783 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-7927 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-4998 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 a… |
| CVE-2015-4993 | medium | 6.1 | 6.1 | | | | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 a… |
| CVE-2015-6359 | medium | — | 6.1 | | | | 11y ago | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (m… |
| CVE-2015-9097 | medium | 6.1 | 6.1 | | | | 11y ago | The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences imm… |
| CVE-2015-6546 | medium | — | 6.1 | | | | 11y ago | The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebA… |
| CVE-2015-5156 | medium | — | 6.1 | | | | 11y ago | The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a d… |
| CVE-2015-6311 | medium | — | 6.1 | | | | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i manage… |
| CVE-2015-6307 | medium | — | 6.1 | | | | 11y ago | Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu1… |
| CVE-2015-6294 | medium | — | 6.1 | | | | 11y ago | Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID C… |
| CVE-2015-6277 | medium | — | 6.1 | | | | 11y ago | The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and … |
| CVE-2015-4323 | medium | — | 6.1 | | | | 11y ago | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus … |
| CVE-2015-4324 | medium | — | 6.1 | | | | 11y ago | Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexu… |
| CVE-2015-4243 | medium | — | 6.1 | | | | 11y ago | The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Requ… |
| CVE-2015-4241 | medium | — | 6.1 | | | | 11y ago | Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52… |
| CVE-2015-4239 | medium | — | 6.1 | | | | 11y ago | Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local networ… |
| CVE-2015-4215 | medium | — | 6.1 | | | | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwa… |
| CVE-2015-4197 | medium | — | 6.1 | | | | 11y ago | Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. |
| CVE-2015-2340 | medium | — | 6.1 | | | | 11y ago | TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode… |
| CVE-2015-2339 | medium | — | 6.1 | | | | 11y ago | TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mod… |
| CVE-2015-2338 | medium | — | 6.1 | | | | 11y ago | TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mod… |
| CVE-2015-0756 | medium | — | 6.1 | | | | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka B… |
| CVE-2015-0723 | medium | — | 6.1 | | | | 11y ago | The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device … |
| CVE-2015-0731 | medium | — | 6.1 | | | | 11y ago | The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. |
| CVE-2015-0710 | medium | — | 6.1 | | | | 11y ago | The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversi… |
| CVE-2015-0708 | medium | — | 6.1 | | | | 11y ago | Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local … |
| CVE-2015-1866 | medium | 6.1 | 6.1 | | | | 11y ago | ember-source vulnerable to Cross-site Scripting |
| CVE-2015-0679 | medium | — | 6.1 | | | | 11y ago | The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed pass… |
| CVE-2015-0006 | medium | — | 6.1 | | | | 12y ago | The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 201… |
| CVE-2015-7549 | medium | 6.0 | 6.0 | | | | 9y ago | The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveragin… |
| CVE-2015-8551 | medium | 6.0 | 6.0 | | | | 10y ago | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of se… |
| CVE-2015-5242 | medium | — | 6.0 | | | | 11y ago | OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a cra… |
| CVE-2015-7254 | medium | — | 6.0 | | | | 11y ago | Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. |
| CVE-2015-5285 | medium | — | 6.0 | | | | 11y ago | CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. |
| CVE-2015-7902 | medium | — | 6.0 | | | | 11y ago | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to … |
| CVE-2015-4887 | medium | — | 6.0 | | | | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unk… |
| CVE-2015-4964 | medium | — | 6.0 | | | | 11y ago | IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by… |
| CVE-2015-2026 | medium | — | 6.0 | | | | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrar… |
| CVE-2015-6943 | medium | — | 6.0 | | | | 11y ago | SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allow… |
| CVE-2015-6830 | medium | — | 6.0 | | | | 11y ago | phpMyAdmin ReCaptcha bypass |
| CVE-2015-6908 | medium | — | 6.0 | | | | 11y ago | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER dat… |
| CVE-2015-5412 | medium | — | 6.0 | | | | 11y ago | Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via … |
| CVE-2015-5408 | medium | — | 6.0 | | | | 11y ago | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1… |
| CVE-2015-5407 | medium | — | 6.0 | | | | 11y ago | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1… |
| CVE-2015-1830 | medium | — | 6.0 | | | | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ |
| CVE-2015-5509 | medium | — | 6.0 | | | | 11y ago | The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators… |
| CVE-2015-6512 | medium | — | 6.0 | | | | 11y ago | SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to se… |
| CVE-2015-6254 | medium | — | 6.0 | | | | 11y ago | The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location … |
| CVE-2015-0277 | medium | — | 6.0 | | | | 11y ago | The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to ot… |
| CVE-2015-5531 | medium | — | 6.0 | | | | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch |
| CVE-2015-5696 | medium | — | 6.0 | | | | 11y ago | Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. |
| CVE-2015-3235 | medium | — | 6.0 | | | | 11y ago | Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. |
| CVE-2015-4666 | medium | — | 6.0 | | | | 11y ago | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the lo… |
| CVE-2015-2890 | medium | 6.0 | 6.0 | | | | 11y ago | The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a B… |
| CVE-2015-1491 | medium | — | 6.0 | | | | 11y ago | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via u… |
| CVE-2015-2134 | medium | — | 6.0 | | | | 11y ago | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown v… |
| CVE-2015-4740 | medium | — | 6.0 | | | | 11y ago | Unspecified vulnerability in the RDBMS Partitioning component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentialit… |
| CVE-2015-0468 | medium | — | 6.0 | | | | 11y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availabili… |
| CVE-2015-1936 | medium | — | 6.0 | | | | 11y ago | The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack s… |
| CVE-2015-5116 | medium | — | 6.0 | | | | 11y ago | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Ad… |
| CVE-2015-4616 | medium | — | 6.0 | | | | 11y ago | Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id … |
| CVE-2015-0115 | medium | — | 6.0 | | | | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 … |
| CVE-2015-5065 | medium | — | 6.0 | | | | 11y ago | Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read… |
| CVE-2015-3897 | medium | — | 6.0 | | | | 11y ago | Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter… |
| CVE-2015-4414 | medium | — | 6.0 | | | | 11y ago | Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitra… |
| CVE-2015-4393 | medium | — | 6.0 | | | | 11y ago | The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary … |
| CVE-2015-4348 | medium | — | 6.0 | | | | 11y ago | SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL co… |
| CVE-2015-4153 | medium | — | 6.0 | | | | 11y ago | Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the templ… |
| CVE-2015-4148 | medium | — | 6.0 | | | | 11y ago | The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obta… |
| CVE-2015-3001 | medium | — | 6.0 | | | | 11y ago | SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by lever… |
| CVE-2015-2998 | medium | — | 6.0 | | | | 11y ago | SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-IN… |
| CVE-2015-2997 | medium | — | 6.0 | | | | 11y ago | SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal… |
| CVE-2015-1700 | medium | — | 6.0 | | | | 11y ago | Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via cra… |
| CVE-2015-3013 | medium | — | 6.0 | | | | 11y ago | ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as… |
| CVE-2015-0482 | medium | — | 6.0 | | | | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.2.0 and 12.1.3.0 allows remote authenticated users to affect confidentiality, integrity, and availab… |
| CVE-2015-2166 | medium | — | 6.0 | | | | 11y ago | Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot en… |
| CVE-2015-2841 | medium | — | 6.0 | | | | 11y ago | Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-s… |
| CVE-2015-0816 | medium | — | 6.0 | | | | 11y ago | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScr… |
| CVE-2015-0802 | medium | — | 6.0 | | | | 11y ago | Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScr… |
| CVE-2015-2682 | medium | — | 6.0 | | | | 11y ago | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. |
| CVE-2015-2153 | medium | — | 6.0 | | | | 11y ago | The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a craft… |
| CVE-2015-0252 | medium | — | 6.0 | | | | 11y ago | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. |
| CVE-2015-2184 | medium | — | 6.0 | | | | 11y ago | ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. |
| CVE-2015-0894 | medium | — | 6.0 | | | | 11y ago | SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-2067 | medium | — | 6.0 | | | | 11y ago | MAGMI plugin for Magento Server Directory Traversal |
| CVE-2015-0923 | medium | — | 6.0 | | | | 12y ago | The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via a… |
| CVE-2015-1579 | medium | — | 6.0 | | | | 12y ago | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image acti… |
| CVE-2015-1482 | medium | — | 6.0 | | | | 12y ago | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. |