CVEs from 2015
- Total 7,313
- critical 1,306
- high 1,666
- medium 3,617
- low 554
- % Critical 17.9%
- % with KEV 0.6%
- % with exploit 0.8%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-8750 | medium | 6.5 | 6.5 | 9y ago | libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. | |
| CVE-2015-7973 | medium | 6.5 | 6.5 | 10y ago | NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | |
| CVE-2015-7743 | medium | 6.5 | 6.5 | 10y ago | XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses… | |
| CVE-2015-8701 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a desc… | |
| CVE-2015-8786 | medium | 6.5 | 6.5 | 10y ago | The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_inc… | |
| CVE-2015-8923 | medium | 6.5 | 6.5 | 10y ago | The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. | |
| CVE-2015-8916 | medium | 6.5 | 6.5 | 10y ago | bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NU… | |
| CVE-2015-4598 | medium | 6.5 | 6.5 | 10y ago | PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted i… | |
| CVE-2015-3411 | medium | 6.5 | 6.5 | 10y ago | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted in… | |
| CVE-2015-8530 | medium | 6.5 | 6.5 | 10y ago | Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 2… | |
| CVE-2015-5479 | medium | 6.5 | 6.5 | 10y ago | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with craft… | |
| CVE-2015-8677 | medium | 6.5 | 6.5 | 10y ago | Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus s… | |
| CVE-2015-5247 | medium | 6.5 | 6.5 | 10y ago | The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unl… | |
| CVE-2015-8784 | medium | 6.5 | 6.5 | 10y ago | The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. | |
| CVE-2015-1547 | medium | 6.5 | 6.5 | 10y ago | The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. | |
| CVE-2015-8553 | medium | 6.5 | 6.5 | 10y ago | Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists … | |
| CVE-2015-5167 | medium | 6.5 | 6.5 | 10y ago | Apache Ranger allows users to bypass intended access restrictions via the REST API | |
| CVE-2015-2286 | medium | 6.5 | 6.5 | 10y ago | lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover passw… | |
| CVE-2015-7560 | medium | 6.5 | 6.5 | 10y ago | The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by usi… | |
| CVE-2015-8489 | medium | 6.5 | 6.5 | 10y ago | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-… | |
| CVE-2015-8631 | medium | 6.5 | 6.5 | 10y ago | Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (mem… | |
| CVE-2015-7675 | medium | 6.5 | 6.5 | 10y ago | The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allows remote authenticated users to bypass authorization and read uploaded files via a valid FileID i… | |
| CVE-2015-7513 | medium | 6.5 | 6.5 | 10y ago | arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and ho… | |
| CVE-2015-7916 | medium | 6.5 | 6.5 | 11y ago | Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | |
| CVE-2015-8783 | medium | 6.5 | 6.5 | 11y ago | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. | |
| CVE-2015-8782 | medium | 6.5 | 6.5 | 11y ago | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. | |
| CVE-2015-8781 | medium | 6.5 | 6.5 | 11y ago | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE… | |
| CVE-2015-8794 | medium | 6.5 | 6.5 | 11y ago | Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full path… | |
| CVE-2015-6317 | medium | 6.5 | 6.5 | 11y ago | Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | |
| CVE-2015-4925 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown ve… | |
| CVE-2015-8704 | medium | 6.5 | 6.5 | 11y ago | apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed … | |
| CVE-2015-8605 | medium | 6.5 | 6.5 | 11y ago | ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | |
| CVE-2015-8335 | medium | 6.5 | 6.5 | 11y ago | Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading… | |
| CVE-2015-6433 | medium | 6.5 | 6.5 | 11y ago | SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |
| CVE-2015-5434 | medium | 6.5 | 6.5 | 11y ago | HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and fo… | |
| CVE-2015-7456 | medium | 6.5 | 6.5 | 11y ago | IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | |
| CVE-2015-8703 | medium | 6.5 | 6.5 | 11y ago | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials… | |
| CVE-2015-6004 | medium | 6.5 | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.a… | |
| CVE-2015-6431 | medium | 6.5 | 6.5 | 11y ago | Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | |
| CVE-2015-8357 | medium | — | 6.5 | 11y ago | Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or caus… | |
| CVE-2015-8377 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serializ… | |
| CVE-2015-6361 | medium | — | 6.5 | 11y ago | The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw8617… | |
| CVE-2015-6417 | medium | — | 6.5 | 11y ago | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databa… | |
| CVE-2015-6395 | medium | — | 6.5 | 11y ago | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID C… | |
| CVE-2015-5323 | medium | — | 6.5 | 11y ago | Jenkins allows Administrators to Access API Tokens | |
| CVE-2015-6380 | medium | — | 6.5 | 11y ago | An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via c… | |
| CVE-2015-7773 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an … | |
| CVE-2015-7712 | medium | — | 6.5 | 11y ago | Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary… | |
| CVE-2015-7774 | medium | — | 6.5 | 11y ago | PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |
| CVE-2015-4966 | medium | — | 6.5 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFI… | |
| CVE-2015-1989 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-6316 | medium | — | 6.5 | 11y ago | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by … | |
| CVE-2015-5673 | medium | — | 6.5 | 11y ago | eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an … | |
| CVE-2015-3270 | medium | — | 6.5 | 11y ago | Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | |
| CVE-2015-6350 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | |
| CVE-2015-6345 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug… | |
| CVE-2015-5669 | medium | — | 6.5 | 11y ago | Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. | |
| CVE-2015-7904 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors invol… | |
| CVE-2015-7903 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-7901 | medium | — | 6.5 | 11y ago | Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |
| CVE-2015-6486 | medium | — | 6.5 | 11y ago | SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via u… | |
| CVE-2015-4900 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and av… | |
| CVE-2015-4888 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |
| CVE-2015-7682 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1… | |
| CVE-2015-1806 | medium | — | 6.5 | 11y ago | Jenkins allows for Privilege Escalation by Remote Authenticated Users | |
| CVE-2015-7729 | medium | — | 6.5 | 11y ago | Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via uns… | |
| CVE-2015-7727 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via un… | |
| CVE-2015-7725 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remo… | |
| CVE-2015-6331 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID… | |
| CVE-2015-6329 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |
| CVE-2015-5659 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-5648 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-5645 | medium | — | 6.5 | 11y ago | ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | |
| CVE-2015-5642 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-5641 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-5640 | medium | — | 6.5 | 11y ago | baserCMS Access Control Bypass | |
| CVE-2015-4967 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 a… | |
| CVE-2015-5703 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2015-4542 | medium | — | 6.5 | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | |
| CVE-2015-7310 | medium | — | 6.5 | 11y ago | McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before … | |
| CVE-2015-7309 | medium | — | 6.5 | 11y ago | The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then dire… | |
| CVE-2015-5603 | medium | — | 6.5 | 11y ago | The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerab… | |
| CVE-2015-6299 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug… | |
| CVE-2015-5274 | medium | — | 6.5 | 11y ago | rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. | |
| CVE-2015-6968 | medium | — | 6.5 | 11y ago | Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbi… | |
| CVE-2015-6967 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then … | |
| CVE-2015-6743 | medium | — | 6.5 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge … | |
| CVE-2015-6742 | medium | — | 6.5 | 11y ago | Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge… | |
| CVE-2015-5431 | medium | — | 6.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |
| CVE-2015-5405 | medium | — | 6.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify da… | |
| CVE-2015-2140 | medium | — | 6.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify … | |
| CVE-2015-5410 | medium | — | 6.5 | 11y ago | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. | |
| CVE-2015-3238 | medium | 6.5 | 6.5 | 11y ago | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial … | |
| CVE-2015-4329 | medium | — | 6.5 | 11y ago | The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID … | |
| CVE-2015-4303 | medium | — | 6.5 | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parame… | |
| CVE-2015-4298 | medium | — | 6.5 | 11y ago | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors,… | |
| CVE-2015-6516 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | |
| CVE-2015-2058 | medium | — | 6.5 | 11y ago | c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other u… | |
| CVE-2015-4276 | medium | — | 6.5 | 11y ago | Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | |
| CVE-2015-2617 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. |