CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0383 | medium | — | 5.4 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via un… | |||
| CVE-2015-8748 | medium | 5.3 | 5.3 | 4y ago | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | |||
| CVE-2015-1839 | medium | 5.3 | 5.3 | 4y ago | modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||
| CVE-2015-1835 | medium | 5.3 | 5.3 | 9y ago | Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables… | |||
| CVE-2015-9232 | medium | 5.3 | 5.3 | 9y ago | The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does no… | |||
| CVE-2015-4688 | medium | 5.3 | 5.3 | 9y ago | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | |||
| CVE-2015-8079 | medium | 5.3 | 5.3 | 9y ago | qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. | |||
| CVE-2015-6250 | medium | 5.3 | 5.3 | 9y ago | simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. | |||
| CVE-2015-5186 | medium | 5.3 | 5.3 | 9y ago | Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. | |||
| CVE-2015-5146 | medium | 5.3 | 5.3 | 9y ago | ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote config… | |||
| CVE-2015-5059 | medium | 5.3 | 5.3 | 9y ago | The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download at… | |||
| CVE-2015-3295 | medium | 5.3 | 5.3 | 9y ago | markdown-it before 4.1.0 does not block data: URLs. | |||
| CVE-2015-1838 | medium | 5.3 | 5.3 | 9y ago | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||
| CVE-2015-9019 | medium | 5.3 | 5.3 | 9y ago | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | |||
| CVE-2015-8309 | medium | 4.3 | 5.3 | 9y ago | Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | |||
| CVE-2015-8628 | medium | 5.3 | 5.3 | 9y ago | The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.2… | |||
| CVE-2015-8627 | medium | 5.3 | 5.3 | 9y ago | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers… | |||
| CVE-2015-1610 | medium | 5.3 | 5.3 | 9y ago | hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." | |||
| CVE-2015-3882 | medium | 5.3 | 5.3 | 9y ago | qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. | |||
| CVE-2015-8987 | medium | 5.3 | 5.3 | 9y ago | Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possi… | |||
| CVE-2015-8139 | medium | 5.3 | 5.3 | 10y ago | ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. | |||
| CVE-2015-8138 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. | |||
| CVE-2015-8859 | medium | 5.3 | 5.3 | 10y ago | The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | |||
| CVE-2015-3271 | medium | 5.3 | 5.3 | 10y ago | Apache Tika Server exposes sensitive information | |||
| CVE-2015-1000008 | medium | 5.3 | 5.3 | 10y ago | Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | |||
| CVE-2015-3412 | medium | 5.3 | 5.3 | 10y ago | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an ap… | |||
| CVE-2015-5207 | medium | 5.3 | 5.3 | 10y ago | Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods. | |||
| CVE-2015-8537 | medium | 5.3 | 5.3 | 10y ago | app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. | |||
| CVE-2015-8346 | medium | 5.3 | 5.3 | 10y ago | app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the ti… | |||
| CVE-2015-8108 | medium | 5.3 | 5.3 | 10y ago | The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.… | |||
| CVE-2015-8399 | medium | 4.3 | 5.3 | 10y ago | Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdeco… | |||
| CVE-2015-7528 | medium | 5.3 | 5.3 | 10y ago | Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | |||
| CVE-2015-6485 | medium | 5.3 | 5.3 | 10y ago | Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, al… | |||
| CVE-2015-5345 | medium | 5.3 | 5.3 | 10y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | |||
| CVE-2015-5970 | medium | 5.3 | 5.3 | 10y ago | The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malforme… | |||
| CVE-2015-8287 | medium | 5.3 | 5.3 | 10y ago | Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL. | |||
| CVE-2015-7444 | medium | 5.3 | 5.3 | 10y ago | The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vect… | |||
| CVE-2015-2005 | medium | 5.3 | 5.3 | 10y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an… | |||
| CVE-2015-8629 | medium | 5.3 | 5.3 | 10y ago | The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which… | |||
| CVE-2015-7680 | medium | 5.3 | 5.3 | 10y ago | Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a s… | |||
| CVE-2015-8792 | medium | 5.3 | 5.3 | 11y ago | The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers… | |||
| CVE-2015-7577 | medium | 5.3 | 5.3 | 11y ago | activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta… | |||
| CVE-2015-4951 | medium | 5.3 | 5.3 | 11y ago | Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to ca… | |||
| CVE-2015-4942 | medium | 5.3 | 5.3 | 11y ago | IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20… | |||
| CVE-2015-3943 | medium | 5.3 | 5.3 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | |||
| CVE-2015-8672 | medium | 5.3 | 5.3 | 11y ago | The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attacke… | |||
| CVE-2015-4703 | medium | 5.3 | 5.3 | 11y ago | Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname p… | |||
| CVE-2015-7399 | medium | 5.3 | 5.3 | 11y ago | IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTT… | |||
| CVE-2015-4943 | medium | 5.3 | 5.3 | 11y ago | IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-20… | |||
| CVE-2015-4941 | medium | 5.3 | 5.3 | 11y ago | IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. | |||
| CVE-2015-7447 | medium | 5.3 | 5.3 | 11y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Po… | |||
| CVE-2015-7279 | medium | 5.3 | 5.3 | 11y ago | Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses b… | |||
| CVE-2015-2896 | medium | 5.3 | 5.3 | 11y ago | The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | |||
| CVE-2015-2894 | medium | 5.3 | 5.3 | 11y ago | Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifi… | |||
| CVE-2015-5299 | medium | 5.3 | 5.3 | 11y ago | The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST acc… | |||
| CVE-2015-3223 | medium | 5.3 | 5.3 | 11y ago | The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero va… | |||
| CVE-2015-7665 | medium | 5.3 | 5.3 | 11y ago | Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (… | |||
| CVE-2015-8669 | medium | 5.3 | 5.3 | 11y ago | libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, … | |||
| CVE-2015-6471 | medium | 5.3 | 5.3 | 11y ago | Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attacker… | |||
| CVE-2015-6402 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an… | |||
| CVE-2015-6176 | medium | — | 5.3 | 11y ago | Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS… | |||
| CVE-2015-6127 | medium | — | 5.3 | 11y ago | Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Infor… | |||
| CVE-2015-3195 | medium | 5.3 | 5.3 | 11y ago | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_… | |||
| CVE-2015-6086 | medium | — | 5.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerabilit… | |||
| CVE-2015-8038 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (… | |||
| CVE-2015-8037 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (… | |||
| CVE-2015-7900 | medium | — | 5.3 | 11y ago | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and th… | |||
| CVE-2015-7225 | medium | 5.3 | 5.3 | 11y ago | Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically pro… | |||
| CVE-2015-6945 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp. | |||
| CVE-2015-6809 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/save… | |||
| CVE-2015-6518 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table para… | |||
| CVE-2015-4665 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. | |||
| CVE-2015-2321 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field. | |||
| CVE-2015-3440 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored… | |||
| CVE-2015-2863 | medium | — | 5.3 | 11y ago | Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect user… | |||
| CVE-2015-5529 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings… | |||
| CVE-2015-5520 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when… | |||
| CVE-2015-5066 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add act… | |||
| CVE-2015-2169 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which … | |||
| CVE-2015-4420 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a… | |||
| CVE-2015-3224 | medium | — | 5.3 | 11y ago | Web Console (Ruby gem) contains whitelisted_ips bypass | |||
| CVE-2015-4465 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4127 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrate… | |||
| CVE-2015-4084 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to… | |||
| CVE-2015-1389 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to ti… | |||
| CVE-2015-3986 | medium | — | 5.3 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attacke… | |||
| CVE-2015-3300 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote atta… | |||
| CVE-2015-3081 | medium | — | 5.3 | 11y ago | Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before … | |||
| CVE-2015-1155 | medium | — | 5.3 | 11y ago | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files v… | |||
| CVE-2015-3632 | medium | — | 5.3 | 11y ago | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. | |||
| CVE-2015-3337 | medium | — | 5.3 | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch | |||
| CVE-2015-2223 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers t… | |||
| CVE-2015-1126 | medium | — | 5.3 | 11y ago | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers t… | |||
| CVE-2015-2790 | medium | — | 5.3 | 11y ago | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure o… | |||
| CVE-2015-2678 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page … | |||
| CVE-2015-2315 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup acti… | |||
| CVE-2015-2275 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter… | |||
| CVE-2015-2182 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter … | |||
| CVE-2015-2218 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers … | |||
| CVE-2015-2198 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3… |