CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0656 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CS… | |||
| CVE-2015-2195 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3… | |||
| CVE-2015-0655 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vect… | |||
| CVE-2015-2103 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name paramete… | |||
| CVE-2015-2101 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2015-2072 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2015-0882 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web… | |||
| CVE-2015-0594 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers… | |||
| CVE-2015-2088 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unkn… | |||
| CVE-2015-2082 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter. | |||
| CVE-2015-2043 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parame… | |||
| CVE-2015-0834 | medium | — | 4.3 | 11y ago | The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to … | |||
| CVE-2015-0827 | medium | — | 4.3 | 11y ago | Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive… | |||
| CVE-2015-0825 | medium | — | 4.3 | 11y ago | Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malf… | |||
| CVE-2015-0822 | medium | — | 4.3 | 11y ago | The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. | |||
| CVE-2015-0819 | medium | — | 4.3 | 11y ago | The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking a… | |||
| CVE-2015-2069 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports pa… | |||
| CVE-2015-2064 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to inde… | |||
| CVE-2015-2054 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequen… | |||
| CVE-2015-2053 | medium | — | 4.3 | 11y ago | The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks … | |||
| CVE-2015-0624 | medium | — | 4.3 | 11y ago | The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirect… | |||
| CVE-2015-2040 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script … | |||
| CVE-2015-2034 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php. | |||
| CVE-2015-0167 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor. | |||
| CVE-2015-0881 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | |||
| CVE-2015-0879 | medium | — | 4.3 | 11y ago | CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. | |||
| CVE-2015-1879 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an e… | |||
| CVE-2015-1603 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id pa… | |||
| CVE-2015-0626 | medium | — | 4.3 | 11y ago | The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. | |||
| CVE-2015-0623 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified … | |||
| CVE-2015-0108 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain … | |||
| CVE-2015-1436 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easi… | |||
| CVE-2015-1435 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. | |||
| CVE-2015-0873 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-0610 | medium | — | 4.3 | 12y ago | Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper hand… | |||
| CVE-2015-1582 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter… | |||
| CVE-2015-0070 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclo… | |||
| CVE-2015-0069 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||
| CVE-2015-0061 | medium | — | 4.3 | 12y ago | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not pr… | |||
| CVE-2015-0055 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||
| CVE-2015-0054 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||
| CVE-2015-0051 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||
| CVE-2015-0009 | low | — | 4.3 | 12y ago | The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo… | |||
| CVE-2015-1571 | medium | — | 4.3 | 12y ago | The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-i… | |||
| CVE-2015-1570 | medium | — | 4.3 | 12y ago | The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to… | |||
| CVE-2015-1569 | medium | — | 4.3 | 12y ago | Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. | |||
| CVE-2015-1431 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite." | |||
| CVE-2015-1567 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" per… | |||
| CVE-2015-1566 | medium | — | 4.3 | 12y ago | Moderate severity vulnerability that affects DotNetNuke.Core | |||
| CVE-2015-1565 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manage… | |||
| CVE-2015-1564 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field. | |||
| CVE-2015-1562 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) da… | |||
| CVE-2015-0871 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-0605 | medium | — | 4.3 | 12y ago | The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail at… | |||
| CVE-2015-1512 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or… | |||
| CVE-2015-1444 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary… | |||
| CVE-2015-1475 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to … | |||
| CVE-2015-1437 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) resu… | |||
| CVE-2015-0599 | medium | — | 4.3 | 12y ago | The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier f… | |||
| CVE-2015-1459 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | |||
| CVE-2015-1433 | medium | — | 4.3 | 12y ago | program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute … | |||
| CVE-2015-1404 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1402 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1384 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid param… | |||
| CVE-2015-1385 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in… | |||
| CVE-2015-1383 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. | |||
| CVE-2015-0866 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustom… | |||
| CVE-2015-0870 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1370 | medium | — | 4.3 | 12y ago | Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. | |||
| CVE-2015-1363 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. | |||
| CVE-2015-1308 | medium | — | 4.3 | 12y ago | kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locke… | |||
| CVE-2015-1307 | medium | — | 4.3 | 12y ago | plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | |||
| CVE-2015-1179 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2… | |||
| CVE-2015-1178 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id par… | |||
| CVE-2015-1347 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||
| CVE-2015-1180 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet. | |||
| CVE-2015-1176 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | |||
| CVE-2015-1175 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the l… | |||
| CVE-2015-0436 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login. | |||
| CVE-2015-0434 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors r… | |||
| CVE-2015-0431 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect inte… | |||
| CVE-2015-0425 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Sie… | |||
| CVE-2015-0420 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Servic… | |||
| CVE-2015-0419 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, … | |||
| CVE-2015-1196 | medium | — | 4.3 | 12y ago | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||
| CVE-2015-1194 | medium | — | 4.3 | 12y ago | pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||
| CVE-2015-0404 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity v… | |||
| CVE-2015-0402 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - C… | |||
| CVE-2015-0386 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related… | |||
| CVE-2015-0382 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a differ… | |||
| CVE-2015-0381 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a differ… | |||
| CVE-2015-0380 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.… | |||
| CVE-2015-0379 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | |||
| CVE-2015-0376 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. | |||
| CVE-2015-0369 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI. | |||
| CVE-2015-0365 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Se… | |||
| CVE-2015-1048 | medium | — | 4.3 | 12y ago | Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct p… | |||
| CVE-2015-1204 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2015-1164 | medium | — | 4.3 | 12y ago | Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attack… | |||
| CVE-2015-1032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search. |