Max CVSS 10.0 Min CVSS 1.5 Total Count1612
IDCVSSSummaryLast (major) updatePublished
CVE-2015-4664 7.5
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
18-06-2018 - 14:29 18-06-2018 - 14:29
CVE-2014-2069 5.0
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
16-04-2018 - 05:58 16-04-2018 - 05:58
CVE-2015-5079 5.0
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.
28-02-2018 - 17:29 28-02-2018 - 17:29
CVE-2015-4117 6.5
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
28-02-2018 - 17:29 28-02-2018 - 17:29
CVE-2015-3898 5.8
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonit
28-02-2018 - 16:29 28-02-2018 - 16:29
CVE-2015-1862 6.9
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
09-02-2018 - 17:29 09-02-2018 - 17:29
CVE-2014-1632 9.3
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
31-01-2018 - 13:29 31-01-2018 - 13:29
CVE-2014-1631 5.0
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
31-01-2018 - 13:29 31-01-2018 - 13:29
CVE-2014-6437 5.0
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
12-01-2018 - 12:29 12-01-2018 - 12:29
CVE-2014-6436 10.0
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging a
12-01-2018 - 12:29 12-01-2018 - 12:29
CVE-2014-6435 5.0
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.
12-01-2018 - 12:29 12-01-2018 - 12:29
CVE-2014-7222 4.0
Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab wit
08-01-2018 - 14:29 08-01-2018 - 14:29
CVE-2014-7221 4.0
TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab co
08-01-2018 - 14:29 08-01-2018 - 14:29
CVE-2015-3302 5.0
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
29-12-2017 - 17:29 29-12-2017 - 17:29
CVE-2015-7889 4.3
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with know
27-12-2017 - 21:29 27-12-2017 - 21:29
CVE-2015-3934 7.5
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.
21-11-2017 - 10:29 21-11-2017 - 10:29
CVE-2015-3933 7.5
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
08-11-2017 - 11:29 08-11-2017 - 11:29
CVE-2014-2023 7.5
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscr
26-10-2017 - 16:29 26-10-2017 - 16:29
CVE-2015-5533 6.5
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php.
23-10-2017 - 14:29 23-10-2017 - 14:29
CVE-2015-2878 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accou
23-10-2017 - 14:29 23-10-2017 - 14:29
CVE-2015-7715 6.8
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrat
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2015-7714 6.5
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field a
18-10-2017 - 14:29 18-10-2017 - 14:29
CVE-2014-9118 9.0
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
17-10-2017 - 12:29 17-10-2017 - 12:29
CVE-2014-8357 4.0
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backup
17-10-2017 - 12:29 17-10-2017 - 12:29
CVE-2015-2780 7.5
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
16-10-2017 - 14:29 16-10-2017 - 14:29
CVE-2014-9148 7.5
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
16-10-2017 - 11:29 16-10-2017 - 11:29
CVE-2014-9147 5.0
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
16-10-2017 - 11:29 16-10-2017 - 11:29
CVE-2015-2147 7.5
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
06-10-2017 - 18:29 06-10-2017 - 18:29
CVE-2015-2145 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
06-10-2017 - 18:29 06-10-2017 - 18:29
CVE-2015-2143 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.
06-10-2017 - 18:29 06-10-2017 - 18:29
CVE-2015-2142 6.0
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to pro
06-10-2017 - 18:29 06-10-2017 - 18:29
CVE-2015-7358 7.2
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume ove
02-10-2017 - 21:29 02-10-2017 - 21:29
CVE-2015-8249 10.0
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
27-09-2017 - 21:29 27-09-2017 - 21:29
CVE-2015-3643 4.6
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing c
27-09-2017 - 21:29 27-09-2017 - 21:29
CVE-2014-0997 5.0
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.
25-09-2017 - 21:29 25-09-2017 - 21:29
CVE-2015-7293 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2015-4669 7.2
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
25-09-2017 - 13:29 25-09-2017 - 13:29
CVE-2015-4668 5.8
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
25-09-2017 - 13:29 25-09-2017 - 13:29
CVE-2015-4667 7.5
Multiple hardcoded credentials in Xsuite 2.x.
25-09-2017 - 13:29 25-09-2017 - 13:29
CVE-2015-7347 3.5
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2015-2826 5.0
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
20-09-2017 - 14:29 20-09-2017 - 14:29
CVE-2015-4075 6.8
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
20-09-2017 - 12:29 20-09-2017 - 12:29
CVE-2015-4074 5.0
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
20-09-2017 - 12:29 20-09-2017 - 12:29
CVE-2015-4073 7.5
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary
20-09-2017 - 12:29 20-09-2017 - 12:29
CVE-2015-4072 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
20-09-2017 - 12:29 20-09-2017 - 12:29
CVE-2015-4685 4.4
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4684 5.5
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4683 7.5
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4682 4.0
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4681 7.2
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2014-9619 6.5
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to
19-09-2017 - 11:29 19-09-2017 - 11:29
CVE-2014-9618 7.5
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
19-09-2017 - 11:29 19-09-2017 - 11:29
CVE-2014-9611 7.5
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
19-09-2017 - 11:29 19-09-2017 - 11:29
CVE-2014-9610 5.0
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
19-09-2017 - 11:29 19-09-2017 - 11:29
CVE-2014-9463 9.0
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
15-09-2017 - 16:29 15-09-2017 - 16:29
CVE-2015-8351 6.8
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captc
11-09-2017 - 16:29 11-09-2017 - 16:29
CVE-2015-3314 6.8
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
07-09-2017 - 16:29 07-09-2017 - 16:29
CVE-2015-3313 7.5
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
07-09-2017 - 16:29 07-09-2017 - 16:29
CVE-2015-3222 6.9
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.
07-09-2017 - 16:29 07-09-2017 - 16:29
CVE-2015-7241 7.5
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
06-09-2017 - 17:29 06-09-2017 - 17:29
CVE-2014-8677 3.5
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being u
31-08-2017 - 18:29 31-08-2017 - 18:29
CVE-2014-8676 5.0
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
31-08-2017 - 18:29 31-08-2017 - 18:29
CVE-2014-8675 5.0
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
31-08-2017 - 18:29 31-08-2017 - 18:29
CVE-2014-9312 6.5
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
28-08-2017 - 11:29 28-08-2017 - 11:29
CVE-2014-5301 9.0
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
28-08-2017 - 11:29 28-08-2017 - 11:29
CVE-2015-1325 6.9
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LT
25-08-2017 - 14:29 25-08-2017 - 14:29
CVE-2015-8352 10.0
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
24-08-2017 - 17:29 24-08-2017 - 17:29
CVE-2015-7896 4.3
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2015-7259 9.0
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and pass
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2015-7258 9.0
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2015-7257 8.5
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2015-2857 7.5
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
22-08-2017 - 11:29 22-08-2017 - 11:29
CVE-2015-4071 5.0
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
18-08-2017 - 14:29 18-08-2017 - 14:29
CVE-2015-7945 5.0
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain t
18-08-2017 - 13:29 18-08-2017 - 13:29
CVE-2015-7944 5.0
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remo
18-08-2017 - 13:29 18-08-2017 - 13:29
CVE-2015-7894 6.8
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JP
09-08-2017 - 14:29 09-08-2017 - 14:29
CVE-2015-2291 7.2
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x8086201
09-08-2017 - 14:29 09-08-2017 - 14:29
CVE-2014-5144 3.5
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
09-08-2017 - 14:29 09-08-2017 - 14:29
CVE-2014-9262 5.5
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
07-08-2017 - 13:29 07-08-2017 - 13:29
CVE-2014-9260 6.5
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
07-08-2017 - 13:29 07-08-2017 - 13:29
CVE-2015-7891 4.4
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as n
02-08-2017 - 15:29 02-08-2017 - 15:29
CVE-2015-5594 4.3
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2015-2798 7.5
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2015-2280 9.0
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
24-07-2017 - 21:29 24-07-2017 - 21:29
CVE-2015-2279 10.0
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, w
24-07-2017 - 21:29 24-07-2017 - 21:29
CVE-2015-7898 2.1
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
27-06-2017 - 16:29 27-06-2017 - 16:29
CVE-2015-7895 2.1
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
27-06-2017 - 16:29 27-06-2017 - 16:29
CVE-2015-3315 7.2
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-r
26-06-2017 - 11:29 26-06-2017 - 11:29
CVE-2014-8687 10.0
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
08-06-2017 - 12:29 08-06-2017 - 12:29
CVE-2015-7346 7.5
SQL injection vulnerability in ZCMS 1.1.
07-06-2017 - 17:29 07-06-2017 - 17:29
CVE-2015-5468 5.0
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2015-4455 7.5
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then a
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2015-5437 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none.
11-05-2017 - 10:29 11-05-2017 - 10:29
CVE-2015-0107 4.0
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX
27-04-2017 - 15:51 24-04-2017 - 02:59
CVE-2015-0104 6.5
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX
27-04-2017 - 15:50 24-04-2017 - 02:59
CVE-2016-1713 8.5
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a cra
25-04-2017 - 11:52 14-04-2017 - 14:59
CVE-2015-8356 6.0
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (
22-04-2017 - 10:12 14-04-2017 - 10:59
CVE-2015-6567 6.5
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access
21-04-2017 - 14:22 14-04-2017 - 12:59
CVE-2015-6568 6.5
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for
21-04-2017 - 14:21 14-04-2017 - 12:59
CVE-2015-8284 6.5
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
19-04-2017 - 15:37 13-04-2017 - 10:59
CVE-2015-8283 6.8
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
19-04-2017 - 15:37 13-04-2017 - 10:59
CVE-2015-8282 7.5
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
19-04-2017 - 15:37 13-04-2017 - 10:59
CVE-2015-7893 6.8
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
17-04-2017 - 15:05 11-04-2017 - 15:59
CVE-2014-1739 1.7
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/med
07-04-2017 - 21:59 23-06-2014 - 07:21
CVE-2014-7279 10.0
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
28-03-2017 - 09:46 23-03-2017 - 13:59
CVE-2015-8556 10.0
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
27-03-2017 - 15:15 24-03-2017 - 10:59
CVE-2014-4113 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users
13-03-2017 - 21:59 15-10-2014 - 06:55
CVE-2015-5696 5.0
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.
23-02-2017 - 21:59 14-08-2015 - 14:59
CVE-2015-1158 10.0
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings v
23-02-2017 - 21:59 26-06-2015 - 06:59
CVE-2014-8429 6.8
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafte
19-02-2017 - 01:07 28-11-2014 - 10:59
CVE-2015-8636 9.3
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attacker
16-02-2017 - 21:59 28-12-2015 - 18:59
CVE-2015-8635 9.3
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 28-12-2015 - 18:59
CVE-2015-8634 9.3
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 28-12-2015 - 18:59
CVE-2015-8434 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8431 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8430 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8429 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8428 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8427 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8425 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8424 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8423 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8422 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8421 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8420 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
16-02-2017 - 21:59 10-12-2015 - 00:59
CVE-2015-8044 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
16-02-2017 - 21:59 11-11-2015 - 08:00
CVE-2015-5568 10.0
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to caus
16-02-2017 - 21:59 22-09-2015 - 06:59
CVE-2015-5563 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5562 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5561 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5560 10.0
Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute ar
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5558 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5557 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5556 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5555 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5554 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by lever
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5551 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5550 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5549 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5548 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5547 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5546 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5545 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5544 10.0
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5540 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5539 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5134 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5133 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5132 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5131 10.0
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arb
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5130 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2015-5127 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers t
16-02-2017 - 21:59 13-08-2015 - 21:59
CVE-2014-2045 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in
26-01-2017 - 14:32 20-01-2017 - 10:59
CVE-2015-5119 10.0
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attacker
19-01-2017 - 21:59 08-07-2015 - 10:59
CVE-2015-4594 7.5
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
10-01-2017 - 19:21 10-01-2017 - 10:59
CVE-2015-4591 4.3
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
10-01-2017 - 11:33 10-01-2017 - 10:59
CVE-2015-4593 6.8
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the c
10-01-2017 - 11:33 10-01-2017 - 10:59
CVE-2015-4592 7.5
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
10-01-2017 - 11:33 10-01-2017 - 10:59
CVE-2014-8727 6.2
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/j
06-01-2017 - 22:00 17-11-2014 - 11:59
CVE-2014-8440 10.0
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attacker
06-01-2017 - 22:00 11-11-2014 - 18:55
CVE-2014-7910 7.5
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 22:00 19-11-2014 - 06:59
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2014-6332 9.3
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute ar
06-01-2017 - 22:00 11-11-2014 - 17:55
CVE-2014-6324 9.0
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain user
06-01-2017 - 22:00 18-11-2014 - 18:59
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2014-5207 6.0
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with back
06-01-2017 - 22:00 18-08-2014 - 07:15
CVE-2014-4971 7.2
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the M
06-01-2017 - 22:00 26-07-2014 - 11:55
CVE-2014-4943 6.9
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
06-01-2017 - 22:00 19-07-2014 - 15:55
CVE-2014-4404 9.3
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
06-01-2017 - 22:00 18-09-2014 - 06:55
CVE-2014-3153 7.2
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe wai
06-01-2017 - 21:59 07-06-2014 - 10:55
CVE-2014-3004 4.3
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
06-01-2017 - 21:59 11-06-2014 - 10:55
CVE-2014-2624 10.0
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
06-01-2017 - 21:59 10-09-2014 - 21:55
CVE-2014-2623 10.0
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
06-01-2017 - 21:59 17-07-2014 - 20:55
CVE-2014-1564 4.3
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script
06-01-2017 - 21:59 03-09-2014 - 06:55
CVE-2014-0556 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR S
06-01-2017 - 21:59 09-09-2014 - 21:55
CVE-2013-6835 5.0
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
06-01-2017 - 21:59 14-03-2014 - 06:55
CVE-2013-5467 7.2
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and
06-01-2017 - 21:59 29-08-2014 - 05:55
CVE-2013-2134 9.3
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
06-01-2017 - 21:59 16-07-2013 - 14:55
CVE-2013-1861 5.0
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted
06-01-2017 - 21:59 28-03-2013 - 19:55
CVE-2011-1081 5.0
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
06-01-2017 - 21:59 19-03-2011 - 22:00
CVE-2015-3073 10.0
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061,
05-01-2017 - 15:06 13-05-2015 - 07:00
CVE-2015-2572 4.6
Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors relat
03-01-2017 - 13:40 16-04-2015 - 13:00
CVE-2015-3864 10.0
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759.
02-01-2017 - 22:00 30-09-2015 - 20:59
CVE-2015-3632 4.3
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
02-01-2017 - 22:00 01-05-2015 - 11:59
CVE-2015-3456 7.7
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_
02-01-2017 - 22:00 13-05-2015 - 14:59
CVE-2015-3306 10.0
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
02-01-2017 - 22:00 18-05-2015 - 11:59
CVE-2015-3093 10.0
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta
02-01-2017 - 22:00 13-05-2015 - 07:00
CVE-2015-3090 10.0
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta
02-01-2017 - 22:00 13-05-2015 - 07:00
CVE-2015-3089 10.0
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3088 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compile
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3087 10.0
Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 1
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3083 6.4
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remo
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3082 6.4
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remo
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3081 4.3
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3080 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compi
02-01-2017 - 21:59 13-05-2015 - 07:00
CVE-2015-3043 10.0
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as
02-01-2017 - 21:59 14-04-2015 - 18:59
CVE-2015-3042 10.0
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a d
02-01-2017 - 21:59 14-04-2015 - 18:59
CVE-2015-2281 7.5
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
02-01-2017 - 21:59 19-03-2015 - 10:59
CVE-2015-2153 5.0
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit
02-01-2017 - 21:59 24-03-2015 - 13:59
CVE-2015-1701 7.2
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vul
02-01-2017 - 21:59 21-04-2015 - 06:59
CVE-2015-1680 2.1
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the A
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1679 2.1
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the A
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1678 2.1
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the A
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1677 2.1
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the A
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1676 2.1
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the A
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1674 1.9
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discov
02-01-2017 - 21:59 13-05-2015 - 06:59
CVE-2015-1635 10.0
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerabilit
02-01-2017 - 21:59 14-04-2015 - 16:59
CVE-2015-1265 7.5
Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
02-01-2017 - 21:59 20-05-2015 - 06:59
CVE-2015-0816 5.0
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the a
02-01-2017 - 21:59 01-04-2015 - 06:59
CVE-2015-0516 4.0
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
02-01-2017 - 21:59 21-01-2015 - 10:17
CVE-2015-0514 5.0
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
02-01-2017 - 21:59 21-01-2015 - 10:17
CVE-2015-0493 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0474 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0359 10.0
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerabili
02-01-2017 - 21:59 14-04-2015 - 18:59
CVE-2015-0313 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited
02-01-2017 - 21:59 02-02-2015 - 14:59
CVE-2015-0252 5.0
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
02-01-2017 - 21:59 24-03-2015 - 13:59
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
02-01-2017 - 21:59 28-01-2015 - 14:59
CVE-2015-0016 9.3
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remot
02-01-2017 - 21:59 13-01-2015 - 17:59
CVE-2015-0004 7.2
The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users
02-01-2017 - 21:59 13-01-2015 - 17:59
CVE-2015-0002 7.2
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify
02-01-2017 - 21:59 13-01-2015 - 17:59
CVE-2014-9226 7.2
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors
02-01-2017 - 21:59 21-01-2015 - 10:17
CVE-2014-9225 4.0
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive serv
02-01-2017 - 21:59 21-01-2015 - 10:17
CVE-2014-9224 3.5
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0
02-01-2017 - 21:59 21-01-2015 - 10:17
CVE-2014-8826 5.0
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
02-01-2017 - 21:59 30-01-2015 - 06:59
CVE-2014-8636 7.5
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileg
02-01-2017 - 21:59 14-01-2015 - 06:59
CVE-2014-8361 10.0
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.
02-01-2017 - 21:59 01-05-2015 - 11:59
CVE-2014-8008 6.8
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
02-01-2017 - 21:59 22-01-2015 - 09:01
CVE-2014-7822 7.2
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unsp
02-01-2017 - 21:59 16-03-2015 - 06:59
CVE-2014-7289 6.5
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitra
02-01-2017 - 21:59 21-01-2015 - 10:17
CVE-2014-7288 9.0
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
02-01-2017 - 21:59 31-01-2015 - 21:59
CVE-2014-7285 6.5
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
02-01-2017 - 21:59 17-12-2014 - 11:59
CVE-2014-7187 10.0
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deepl
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2014-7186 10.0
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here doc
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2014-7146 7.5
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_repla
02-01-2017 - 21:59 18-11-2014 - 10:59
CVE-2014-6593 4.0
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
02-01-2017 - 21:59 21-01-2015 - 10:28
CVE-2014-6278 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force
02-01-2017 - 21:59 30-09-2014 - 06:55
CVE-2014-6277 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-poin
02-01-2017 - 21:59 27-09-2014 - 18:55
CVE-2014-0569 10.0
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.
02-01-2017 - 21:59 15-10-2014 - 06:55
CVE-2015-5477 7.8
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
30-12-2016 - 21:59 29-07-2015 - 10:59
CVE-2015-4148 5.0
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted seria
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-4127 4.3
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin
30-12-2016 - 21:59 28-05-2015 - 10:59
CVE-2015-4010 6.8
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the
30-12-2016 - 21:59 09-06-2015 - 10:59
CVE-2015-3107 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-3106 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-3105 10.0
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Wi
30-12-2016 - 21:59 09-06-2015 - 21:59
CVE-2015-2995 6.8
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
30-12-2016 - 21:59 08-06-2015 - 10:59
CVE-2015-2125 4.0
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
30-12-2016 - 21:59 07-06-2015 - 14:59
CVE-2015-2051 10.0
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
30-12-2016 - 21:59 23-02-2015 - 12:59
CVE-2015-1833 6.4
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to
30-12-2016 - 21:59 29-05-2015 - 11:59
CVE-2015-1815 10.0
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
30-12-2016 - 21:59 30-03-2015 - 10:59
CVE-2015-1389 4.3
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
30-12-2016 - 21:59 28-05-2015 - 10:59
CVE-2015-0336 9.3
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than
30-12-2016 - 21:59 13-03-2015 - 13:59
CVE-2015-0273 7.5
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2014-6395 7.5
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is
30-12-2016 - 21:59 19-12-2014 - 10:59
CVE-2013-6017 4.3
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
30-12-2016 - 21:59 12-01-2014 - 13:34
CVE-2013-5094 4.3
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
30-12-2016 - 21:59 28-01-2014 - 12:55
CVE-2013-4730 10.0
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
30-12-2016 - 21:59 15-05-2014 - 10:55
CVE-2013-4474 5.0
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
30-12-2016 - 21:59 23-11-2013 - 06:55
CVE-2013-3827 5.0
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server
30-12-2016 - 21:59 16-10-2013 - 11:55
CVE-2013-2248 5.8
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
30-12-2016 - 21:59 19-07-2013 - 23:37
CVE-2012-3571 6.1
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
30-12-2016 - 21:59 25-07-2012 - 06:42
CVE-2008-5753 9.3
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
30-12-2016 - 21:59 30-12-2008 - 12:30
CVE-2015-5122 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and
27-12-2016 - 21:59 14-07-2015 - 06:59
CVE-2015-5118 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compile
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-5116 5.0
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remo
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-4432 10.0
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compile
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-4430 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3202 3.6
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's
27-12-2016 - 21:59 02-07-2015 - 17:59
CVE-2015-3137 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3134 10.0
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow atta
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3128 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3124 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3118 10.0
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compi
27-12-2016 - 21:59 09-07-2015 - 12:59
CVE-2015-3112 10.0
Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
27-12-2016 - 21:59 24-06-2015 - 06:59
CVE-2015-3111 10.0
Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
27-12-2016 - 21:59 24-06-2015 - 06:59
CVE-2015-3110 10.0
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
27-12-2016 - 21:59 24-06-2015 - 06:59
CVE-2015-1793 6.4
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers t
27-12-2016 - 21:59 09-07-2015 - 15:17
CVE-2015-7645 9.3
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
23-12-2016 - 21:59 15-10-2015 - 06:59
CVE-2015-7007 7.5
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
23-12-2016 - 21:59 23-10-2015 - 17:59
CVE-2015-6996 6.8
IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
23-12-2016 - 21:59 23-10-2015 - 17:59
CVE-2015-6995 6.8
The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
23-12-2016 - 21:59 23-10-2015 - 17:59
CVE-2015-6763 7.5
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
23-12-2016 - 21:59 15-10-2015 - 06:59
CVE-2015-5889 7.2
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
23-12-2016 - 21:59 09-10-2015 - 01:59
CVE-2015-5161 6.8
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML e
23-12-2016 - 21:59 25-08-2015 - 13:59
CVE-2015-4878 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4877 1.5
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CV
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4495 4.3
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript
23-12-2016 - 21:59 07-08-2015 - 20:59
CVE-2015-4481 3.3
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log fi
23-12-2016 - 21:59 15-08-2015 - 21:59
CVE-2015-3798 7.5
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a differen
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3796 7.5
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a differen
23-12-2016 - 21:59 16-08-2015 - 20:00
CVE-2015-3246 7.2
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the
23-12-2016 - 21:59 11-08-2015 - 10:59
CVE-2015-3245 2.1
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newl
23-12-2016 - 21:59 11-08-2015 - 10:59
CVE-2014-2962 7.8
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
23-12-2016 - 21:59 19-06-2014 - 06:50
CVE-2015-7235 7.5
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 act
21-12-2016 - 22:00 17-09-2015 - 12:59
CVE-2015-6973 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2
21-12-2016 - 22:00 16-09-2015 - 15:59
CVE-2015-6962 7.5
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
21-12-2016 - 22:00 17-09-2015 - 11:59
CVE-2015-6923 7.2
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
21-12-2016 - 22:00 21-09-2015 - 15:59
CVE-2015-6908 5.0
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
21-12-2016 - 22:00 11-09-2015 - 12:59
CVE-2015-6827 6.8
Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.
21-12-2016 - 22:00 11-09-2015 - 11:59
CVE-2015-6805 3.5
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
21-12-2016 - 22:00 02-09-2015 - 10:59
CVE-2015-6655 6.8
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
21-12-2016 - 22:00 31-08-2015 - 15:59
CVE-2015-6545 6.8
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
21-12-2016 - 22:00 03-09-2015 - 13:59
CVE-2015-5895 10.0
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5754 9.3
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping asso
21-12-2016 - 22:00 16-08-2015 - 20:00
CVE-2015-3704 9.3
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
21-12-2016 - 21:59 02-07-2015 - 21:59
CVE-2015-3673 7.2
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
21-12-2016 - 21:59 02-07-2015 - 21:59
CVE-2015-3290 7.2
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-3214 6.9
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an inva
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-2528 7.2
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Manage
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2527 7.2
The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which a
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2525 7.2
Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restri
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2524 7.2
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Manage
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2523 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft O
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2521 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2520 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerabili
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2518 7.2
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a cra
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2517 7.2
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a cra
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2512 7.2
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges v
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2511 7.2
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a cra
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2510 9.3
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remot
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2509 9.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2508 7.2
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2507 7.2
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges v
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2015-2321 4.3
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.
21-12-2016 - 21:59 13-08-2015 - 10:59
CVE-2012-6644 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter
21-12-2016 - 21:59 08-04-2014 - 10:22
CVE-2015-6306 7.2
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.
12-12-2016 - 14:40 25-09-2015 - 21:59
CVE-2015-6305 7.2
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current w
12-12-2016 - 14:01 25-09-2015 - 21:59
CVE-2015-2554 7.2
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerabili
12-12-2016 - 13:25 13-10-2015 - 21:59
CVE-2015-2553 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which make
12-12-2016 - 13:24 13-10-2015 - 21:59
CVE-2015-6522 7.5
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
09-12-2016 - 09:29 19-08-2015 - 11:59
CVE-2015-7648 10.0
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-764
07-12-2016 - 22:14 18-10-2015 - 06:59
CVE-2015-7647 10.0
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-764
07-12-2016 - 22:14 18-10-2015 - 06:59
CVE-2015-7622 10.0
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbit
07-12-2016 - 22:14 14-10-2015 - 19:59
CVE-2015-7387 7.5
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do,
07-12-2016 - 22:13 28-09-2015 - 11:59
CVE-2015-5531 5.0
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
07-12-2016 - 22:10 17-08-2015 - 11:59
CVE-2015-5082 10.0
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
07-12-2016 - 22:09 28-09-2015 - 11:59
CVE-2015-5075 6.8
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
07-12-2016 - 22:09 29-09-2015 - 15:59
CVE-2015-5074 7.5
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht ext
07-12-2016 - 22:09 29-09-2015 - 15:59
CVE-2015-4040 4.0
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
07-12-2016 - 22:08 17-09-2015 - 12:59
CVE-2015-3783 7.5
SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
07-12-2016 - 22:08 16-08-2015 - 19:59
CVE-2015-3036 10.0
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a lo
07-12-2016 - 22:08 20-05-2015 - 21:59
CVE-2015-2342 10.0
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
07-12-2016 - 22:07 12-10-2015 - 06:59
CVE-2015-1538 10.0
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multipl
07-12-2016 - 22:07 30-09-2015 - 20:59
CVE-2015-1100 5.4
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
07-12-2016 - 22:07 10-04-2015 - 10:59
CVE-2015-0240 10.0
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execu
07-12-2016 - 22:06 23-02-2015 - 20:59
CVE-2013-1942 4.3
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary w
07-12-2016 - 22:03 15-08-2013 - 13:55
CVE-2013-1765 4.3
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter.
07-12-2016 - 22:03 14-05-2014 - 15:55
CVE-2013-1464 4.3
Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
07-12-2016 - 22:03 07-02-2013 - 00:56
CVE-2013-0230 10.0
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
07-12-2016 - 22:02 31-01-2013 - 16:55
CVE-2012-6622 4.3
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgro
07-12-2016 - 22:02 16-01-2014 - 16:55
CVE-2012-6151 4.3
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout
07-12-2016 - 22:02 13-12-2013 - 13:55
CVE-2012-4242 4.3
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
07-12-2016 - 22:02 01-10-2012 - 19:55
CVE-2012-3414 4.3
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movie
07-12-2016 - 22:02 19-07-2013 - 10:36
CVE-2011-3597 7.5
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
07-12-2016 - 22:02 13-01-2012 - 13:55
CVE-2016-0016 6.9
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain pri
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0015 9.3
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file,
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0007 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0006 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2015-8740 4.3
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer o
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8739 4.3
The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and appli
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8736 4.3
The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application c
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8735 4.3
The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8733 4.3
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8732 4.3
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8731 4.3
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-b
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8730 4.3
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application cra
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8729 4.3
The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8728 4.3
The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8727 4.3
The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8726 4.3
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bou
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8725 4.3
The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to c
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8724 4.3
The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of ser
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8723 4.3
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attac
07-12-2016 - 13:29 04-01-2016 - 00:59
CVE-2015-8664 7.5
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel arra
07-12-2016 - 13:29 23-12-2015 - 22:59
CVE-2015-8660 7.2
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via
07-12-2016 - 13:29 28-12-2015 - 06:59
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2015-8413 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8412 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8411 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8410 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler
07-12-2016 - 13:27 10-12-2015 - 00:59
CVE-2015-8396 10.0
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM
07-12-2016 - 13:27 12-01-2016 - 15:59
CVE-2015-8358 9.0
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.m
07-12-2016 - 13:27 16-12-2015 - 16:59
CVE-2015-8357 6.5
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the fi
07-12-2016 - 13:27 16-12-2015 - 16:59
CVE-2015-8103 7.5
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the
07-12-2016 - 13:26 25-11-2015 - 15:59
CVE-2015-8046 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
07-12-2016 - 13:26 11-11-2015 - 08:00
CVE-2015-8043 10.0
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
07-12-2016 - 13:26 11-11-2015 - 08:00
CVE-2015-7986 7.5
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
07-12-2016 - 13:25 27-10-2015 - 12:59
CVE-2015-7984 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that
07-12-2016 - 13:25 19-11-2015 - 15:59
CVE-2015-7865 7.7
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local us
07-12-2016 - 13:25 24-11-2015 - 15:59
CVE-2015-7858 7.5
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
07-12-2016 - 13:25 29-10-2015 - 16:59
CVE-2015-7857 7.5
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.p
07-12-2016 - 13:25 29-10-2015 - 16:59
CVE-2015-7805 9.3
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
07-12-2016 - 13:25 17-11-2015 - 10:59
CVE-2015-7652 9.3
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19
07-12-2016 - 13:24 11-11-2015 - 07:59
CVE-2015-7297 7.5
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
07-12-2016 - 13:23 29-10-2015 - 16:59
CVE-2015-6787 10.0
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
07-12-2016 - 13:21 05-12-2015 - 20:59
CVE-2015-6174 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:19 09-12-2015 - 06:59
CVE-2015-6173 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:19 09-12-2015 - 06:59
CVE-2015-6171 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:19 09-12-2015 - 06:59
CVE-2015-6131 9.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted .mcl file, aka "Media Center Library Parsing RCE Vulnerability."
07-12-2016 - 13:18 09-12-2015 - 06:59
CVE-2015-6127 4.3
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."
07-12-2016 - 13:18 09-12-2015 - 06:59
CVE-2015-6104 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6103 9.3
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers t
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6102 2.1
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protec
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6101 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6100 7.2
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a c
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6098 7.2
Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS El
07-12-2016 - 13:18 11-11-2015 - 07:59
CVE-2015-6018 10.0
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
07-12-2016 - 13:17 31-12-2015 - 00:59
CVE-2015-5999 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password
07-12-2016 - 13:17 18-11-2015 - 11:59
CVE-2015-5603 6.5
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
07-12-2016 - 13:17 21-09-2015 - 15:59
CVE-2015-5602 7.2
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
07-12-2016 - 13:17 17-11-2015 - 10:59
CVE-2015-5534 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2)
07-12-2016 - 13:16 02-11-2015 - 14:59
CVE-2015-5354 5.8
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
07-12-2016 - 13:16 01-07-2015 - 12:59
CVE-2015-5353 7.5
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
07-12-2016 - 13:16 01-07-2015 - 12:59
CVE-2015-5287 6.9
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-cored
07-12-2016 - 13:16 07-12-2015 - 13:59
CVE-2015-5273 3.6
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name i
07-12-2016 - 13:16 07-12-2015 - 13:59
CVE-2015-5149 5.5
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
07-12-2016 - 13:15 30-06-2015 - 10:59
CVE-2015-5065 5.0
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl
07-12-2016 - 13:15 24-06-2015 - 10:59
CVE-2015-4677 6.8
Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.
07-12-2016 - 13:13 19-06-2015 - 10:59
CVE-2015-4659 6.8
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.
07-12-2016 - 13:13 18-06-2015 - 14:59
CVE-2015-4460 6.8
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accoun
07-12-2016 - 13:12 16-07-2015 - 16:59
CVE-2015-4414 5.0
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
07-12-2016 - 13:12 17-06-2015 - 14:59
CVE-2015-4153 5.0
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin
07-12-2016 - 13:11 10-06-2015 - 14:59
CVE-2015-0802 5.0
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content
06-12-2016 - 22:02 01-04-2015 - 06:59
CVE-2014-9218 5.0
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
06-12-2016 - 22:01 08-12-2014 - 06:59
CVE-2014-8904 7.2
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
06-12-2016 - 22:01 15-01-2015 - 17:59
CVE-2014-6287 7.5
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
06-12-2016 - 22:00 07-10-2014 - 06:55
CVE-2014-4492 7.5
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC mes
06-12-2016 - 22:00 30-01-2015 - 06:59
CVE-2014-0476 3.7
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
06-12-2016 - 22:00 25-10-2014 - 18:55
CVE-2011-3478 10.0
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to exec
06-12-2016 - 22:00 25-01-2012 - 10:55
CVE-2010-4417 7.5
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
06-12-2016 - 21:59 19-01-2011 - 11:00
CVE-2016-1879 7.8
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer der
05-12-2016 - 22:07 29-01-2016 - 14:59
CVE-2016-1721 7.2
The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
05-12-2016 - 22:07 01-02-2016 - 06:59
CVE-2016-1720 7.2
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
05-12-2016 - 22:07 01-02-2016 - 06:59
CVE-2016-1719 7.2
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
05-12-2016 - 22:07 01-02-2016 - 06:59
CVE-2016-0728 7.2
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and us
05-12-2016 - 22:05 07-02-2016 - 22:59
CVE-2015-8770 6.0
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execu
05-12-2016 - 22:04 29-01-2016 - 14:59
CVE-2015-4137 7.5
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
05-12-2016 - 22:02 29-05-2015 - 10:59
CVE-2015-4119 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php
05-12-2016 - 22:02 15-06-2015 - 11:59
CVE-2015-4118 6.5
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote atta
05-12-2016 - 22:02 15-06-2015 - 11:59
CVE-2015-4084 4.3
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.
05-12-2016 - 22:02 28-05-2015 - 10:59
CVE-2015-3693 9.3
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cau
05-12-2016 - 22:01 02-07-2015 - 21:59
CVE-2015-3624 5.8
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content ad
05-12-2016 - 22:01 09-06-2015 - 10:59
CVE-2015-3443 3.5
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly h
05-12-2016 - 22:01 02-07-2015 - 10:59
CVE-2015-3440 4.3
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type
05-12-2016 - 22:01 03-08-2015 - 10:59
CVE-2014-8835 9.3
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, relat
05-12-2016 - 21:59 30-01-2015 - 06:59
CVE-2014-7872 7.2
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
05-12-2016 - 21:59 09-06-2015 - 10:59
CVE-2015-3221 4.0
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the i
02-12-2016 - 22:08 26-08-2015 - 15:59
CVE-2015-3205 7.5
libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure."
02-12-2016 - 22:08 16-06-2015 - 12:59
CVE-2015-3141 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user vi
02-12-2016 - 22:08 20-05-2015 - 15:59
CVE-2015-2845 10.0
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2844 10.0
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2843 7.5
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2842 10.0
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executab
02-12-2016 - 22:06 12-05-2015 - 15:59
CVE-2015-2841 5.0
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
02-12-2016 - 22:06 03-04-2015 - 10:59
CVE-2015-2838 6.8
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metachar
02-12-2016 - 22:06 03-04-2015 - 10:59
CVE-2015-2825 7.5
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dire
02-12-2016 - 22:06 21-04-2015 - 11:59
CVE-2015-2824 7.5
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in
02-12-2016 - 22:06 06-04-2015 - 11:59
CVE-2015-2805 6.8
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01,
02-12-2016 - 22:06 16-06-2015 - 12:59
CVE-2015-2803 6.0
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
02-12-2016 - 22:06 17-06-2015 - 14:59
CVE-2015-2797 10.0
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect
02-12-2016 - 22:06 19-06-2015 - 10:59
CVE-2015-2790 4.3
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image.
02-12-2016 - 22:06 30-03-2015 - 10:59
CVE-2015-2789 4.4
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
02-12-2016 - 22:06 30-03-2015 - 10:59
CVE-2015-2746 6.5
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell me
02-12-2016 - 22:05 26-03-2015 - 10:59
CVE-2015-2701 6.8
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
02-12-2016 - 22:05 25-03-2015 - 10:59
CVE-2015-2682 5.0
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
02-12-2016 - 22:05 26-03-2015 - 10:59
CVE-2015-2680 6.8
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index
02-12-2016 - 22:05 23-03-2015 - 12:59
CVE-2015-2679 7.5
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
02-12-2016 - 22:05 23-03-2015 - 12:59
CVE-2015-2678 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index
02-12-2016 - 22:05 23-03-2015 - 12:59
CVE-2015-2562 7.5
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_id
02-12-2016 - 22:05 20-03-2015 - 10:59
CVE-2015-2295 6.8
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the del
02-12-2016 - 22:04 10-04-2015 - 11:00
CVE-2015-2292 6.5
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL com
02-12-2016 - 22:04 17-03-2015 - 11:59
CVE-2015-2275 4.3
Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy.
02-12-2016 - 22:04 12-03-2015 - 13:59
CVE-2015-2248 6.8
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for r
02-12-2016 - 22:04 01-05-2015 - 11:59
CVE-2015-2237 7.5
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php
02-12-2016 - 22:04 12-03-2015 - 13:59
CVE-2015-2223 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) A
02-12-2016 - 22:04 14-04-2015 - 10:59
CVE-2015-2218 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1)
02-12-2016 - 22:04 05-03-2015 - 11:59
CVE-2015-2216 7.5
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.
02-12-2016 - 22:04 05-03-2015 - 10:59
CVE-2015-2169 4.3
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned
02-12-2016 - 22:04 24-06-2015 - 10:59
CVE-2015-2166 5.0
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
02-12-2016 - 22:04 06-04-2015 - 11:59
CVE-2010-4279 10.0
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in
02-12-2016 - 21:59 02-12-2010 - 12:15
CVE-2015-6835 7.5
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafte
29-11-2016 - 22:02 16-05-2016 - 06:59
CVE-2015-6834 7.5
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3)
29-11-2016 - 22:02 16-05-2016 - 06:59
CVE-2015-2102 7.5
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
29-11-2016 - 22:01 27-02-2015 - 10:59
CVE-2015-2097 7.5
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) Cha
29-11-2016 - 22:01 09-03-2015 - 10:59
CVE-2015-2094 7.5
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) S
29-11-2016 - 22:01 09-03-2015 - 10:59
CVE-2015-2090 7.5
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-a
29-11-2016 - 22:01 26-02-2015 - 10:59
CVE-2015-2084 6.8
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the ima
29-11-2016 - 22:00 25-02-2015 - 17:59
CVE-2015-2071 4.0
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
29-11-2016 - 22:00 24-02-2015 - 12:59
CVE-2015-2070 7.5
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
29-11-2016 - 22:00 24-02-2015 - 12:59
CVE-2015-2068 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to
29-11-2016 - 22:00 24-02-2015 - 12:59
CVE-2015-2067 5.0
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
29-11-2016 - 22:00 24-02-2015 - 12:59
CVE-2015-2065 7.5
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admi
29-11-2016 - 22:00 24-02-2015 - 12:59
CVE-2015-2055 7.8
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.
29-11-2016 - 22:00 23-02-2015 - 12:59
CVE-2015-1328 7.2
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access b
29-11-2016 - 13:04 27-11-2016 - 22:59
CVE-2015-8703 4.0
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a dif
28-11-2016 - 14:48 30-12-2015 - 00:59
CVE-2015-7252 4.3
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7251 10.0
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7250 7.8
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7249 6.8
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc a
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7248 5.0
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7112 9.3
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a differe
28-11-2016 - 14:41 11-12-2015 - 07:00
CVE-2015-7084 7.2
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7
28-11-2016 - 14:41 11-12-2015 - 06:59
CVE-2015-7083 7.2
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7
28-11-2016 - 14:41 11-12-2015 - 06:59
CVE-2015-7068 9.3
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an un
28-11-2016 - 14:41 11-12-2015 - 06:59
CVE-2015-7047 7.2
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
28-11-2016 - 14:41 11-12-2015 - 06:59
CVE-2015-7039 6.8
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
28-11-2016 - 14:41 11-12-2015 - 06:59
CVE-2015-6128 7.2
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
28-11-2016 - 14:38 09-12-2015 - 06:59
CVE-2015-5784 9.3
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
28-11-2016 - 14:36 16-08-2015 - 20:01
CVE-2015-5471 5.0
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
28-11-2016 - 14:33 12-01-2016 - 14:59
CVE-2015-5453 6.5
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
28-11-2016 - 14:33 08-07-2015 - 11:59
CVE-2015-5452 7.5
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
28-11-2016 - 14:33 08-07-2015 - 11:59
CVE-2015-5066 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q par
28-11-2016 - 14:31 24-06-2015 - 10:59
CVE-2015-4133 7.5
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via
28-11-2016 - 14:27 28-05-2015 - 10:59
CVE-2015-4038 6.5
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
28-11-2016 - 14:27 03-06-2015 - 16:59
CVE-2015-3986 4.3
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators f
28-11-2016 - 14:27 14-05-2015 - 10:59
CVE-2015-3301 4.0
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box
28-11-2016 - 14:23 14-05-2015 - 10:59
CVE-2015-3300 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via th
28-11-2016 - 14:23 14-05-2015 - 10:59
CVE-2015-2464 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee,
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2463 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee,
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2462 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2461 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
28-11-2016 - 14:20 14-08-2015 - 20:59
CVE-2015-2456 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 201
28-11-2016 - 14:19 14-08-2015 - 20:59
CVE-2015-2455 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 201
28-11-2016 - 14:19 14-08-2015 - 20:59
CVE-2015-2444 9.3
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442.
28-11-2016 - 14:19 14-08-2015 - 06:59
CVE-2015-2433 2.1
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism
28-11-2016 - 14:19 14-08-2015 - 20:59
CVE-2015-2426 9.3
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows rem
28-11-2016 - 14:19 20-07-2015 - 14:59
CVE-2015-1366 4.3
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
28-11-2016 - 14:18 27-01-2015 - 15:04
CVE-2015-0569 9.3
Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices
28-11-2016 - 14:16 09-05-2016 - 06:59
CVE-2014-9735 7.5
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload
28-11-2016 - 14:14 30-06-2015 - 10:59
CVE-2014-4076 7.2
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
28-11-2016 - 14:12 11-11-2014 - 17:55
CVE-2013-7108 5.5
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (
28-11-2016 - 14:10 15-01-2014 - 11:08
CVE-2011-1976 4.3
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer C
28-11-2016 - 14:07 10-08-2011 - 17:55
CVE-2014-8768 5.0
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
22-11-2016 - 10:57 20-11-2014 - 12:50
CVE-2013-5065 7.2
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
01-11-2016 - 13:45 27-11-2013 - 19:55
CVE-2014-7208 7.2
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
25-10-2016 - 22:00 19-12-2014 - 10:59
CVE-2012-2738 4.0
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
25-10-2016 - 21:59 22-07-2012 - 12:55
CVE-2004-1519 7.5
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.
17-10-2016 - 22:55 31-12-2004 - 00:00
CVE-2012-1038 4.3
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7
29-09-2016 - 14:35 02-04-2013 - 20:55
CVE-2014-7883 5.0
HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.
06-09-2016 - 10:28 15-02-2015 - 15:59
CVE-2014-1806 10.0
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, ak
06-09-2016 - 09:55 14-05-2014 - 07:13
CVE-2014-7286 7.2
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.
06-09-2016 - 09:46 22-12-2014 - 10:59
CVE-2014-10021 7.5
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to t
06-09-2016 - 09:10 13-01-2015 - 06:59
CVE-2012-4891 4.3
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this
06-09-2016 - 09:05 10-09-2012 - 18:55
CVE-2014-7884 9.0
Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.
24-08-2016 - 14:01 13-03-2015 - 21:59
CVE-2014-9322 7.2
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access t
22-08-2016 - 22:08 17-12-2014 - 06:59
CVE-2013-4786 7.8
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 res
22-08-2016 - 22:06 08-07-2013 - 18:55
CVE-2012-3456 7.5
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute
22-08-2016 - 22:05 20-08-2012 - 14:55
CVE-2011-2202 6.4
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwr
22-08-2016 - 22:03 16-06-2011 - 19:55
CVE-2010-4645 5.0
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation
22-08-2016 - 22:02 10-01-2011 - 22:00
CVE-2010-4476 5.0
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows rem
22-08-2016 - 22:02 17-02-2011 - 14:00
CVE-2010-3870 6.8
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protec
22-08-2016 - 22:02 12-11-2010 - 16:00
CVE-2014-5370 7.5
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING t
18-08-2016 - 10:59 21-04-2015 - 11:59
CVE-2015-1875 7.5
SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter.
03-08-2016 - 23:17 11-03-2015 - 10:59
CVE-2016-1909 10.0
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase f
15-07-2016 - 11:42 15-01-2016 - 15:59
CVE-2014-9583 10.0
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass au
30-06-2016 - 13:54 08-01-2015 - 15:59
CVE-2014-4872 7.5
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1
29-06-2016 - 10:33 10-10-2014 - 06:55
CVE-2015-7243 7.5
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
24-06-2016 - 11:54 18-09-2015 - 12:59
CVE-2013-1937 4.3
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSetting
24-06-2016 - 11:17 16-04-2013 - 10:04
CVE-2011-4317 4.3
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern ma
16-06-2016 - 21:59 29-11-2011 - 23:05
CVE-2011-1944 9.3
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file tha
16-06-2016 - 21:59 02-09-2011 - 12:55
CVE-2015-4420 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to
15-06-2016 - 09:22 18-06-2015 - 14:59
CVE-2015-7768 7.5
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
15-06-2016 - 08:42 09-10-2015 - 10:59
CVE-2011-5165 9.3
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
15-06-2016 - 08:26 15-09-2012 - 13:55
CVE-2014-8391 4.0
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
27-05-2016 - 11:48 02-06-2015 - 10:59
CVE-2014-7228 7.5
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through
09-05-2016 - 11:36 03-11-2014 - 17:55
CVE-2015-8399 4.0
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
14-04-2016 - 13:33 11-04-2016 - 17:59
CVE-2015-8398 4.3
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
13-04-2016 - 19:29 11-04-2016 - 17:59
CVE-2014-9034 5.0
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing,
04-04-2016 - 09:15 25-11-2014 - 18:59
CVE-2015-0555 6.8
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue fu
31-03-2016 - 21:05 24-02-2015 - 10:59
CVE-2014-3704 7.5
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
31-03-2016 - 13:36 15-10-2014 - 20:55
CVE-2014-1635 10.0
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
31-03-2016 - 13:35 12-11-2014 - 11:55
CVE-2015-8617 10.0
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to
21-01-2016 - 19:26 19-01-2016 - 00:59
CVE-2015-8261 7.5
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
08-01-2016 - 14:06 07-01-2016 - 21:59
CVE-2015-2023 7.2
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
07-01-2016 - 15:10 02-01-2016 - 16:59
CVE-2015-7422 2.1
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
07-01-2016 - 15:08 02-01-2016 - 16:59
CVE-2015-8368 6.0
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
18-12-2015 - 13:43 17-12-2015 - 14:59
CVE-2015-4027 7.2
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.
18-12-2015 - 13:03 17-12-2015 - 14:59
CVE-2013-7183 7.8
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.
18-12-2015 - 12:49 04-02-2014 - 00:39
CVE-2013-7179 8.3
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.
18-12-2015 - 12:46 04-02-2014 - 00:39
CVE-2015-8566 7.5
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.
17-12-2015 - 12:32 16-12-2015 - 16:59
CVE-2015-7078 7.2
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.
11-12-2015 - 13:00 11-12-2015 - 06:59
CVE-2015-7077 7.2
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
11-12-2015 - 13:00 11-12-2015 - 06:59
CVE-2015-7110 6.9
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
11-12-2015 - 12:08 11-12-2015 - 07:00
CVE-2015-7108 7.2
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
11-12-2015 - 11:58 11-12-2015 - 07:00
CVE-2015-7106 7.2
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
11-12-2015 - 11:49 11-12-2015 - 07:00
CVE-2015-6132 7.2
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain
09-12-2015 - 12:32 09-12-2015 - 06:59
CVE-2015-6152 9.3
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015
09-12-2015 - 12:03 09-12-2015 - 06:59
CVE-2015-3628 9.0
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WO
08-12-2015 - 16:03 07-12-2015 - 15:59
CVE-2012-3819 5.0
Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.
04-12-2015 - 11:16 04-10-2012 - 07:11
CVE-2012-0067 4.3
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
02-12-2015 - 12:10 11-04-2012 - 06:39
CVE-2014-7177 4.0
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
01-12-2015 - 14:03 31-10-2014 - 10:55
CVE-2015-1494 4.3
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as d
27-11-2015 - 14:20 17-02-2015 - 10:59
CVE-2014-6137 4.3
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
27-11-2015 - 13:44 15-02-2015 - 19:59
CVE-2013-0135 7.5
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/reg
27-11-2015 - 12:17 08-04-2013 - 23:34
CVE-2014-7140 7.5
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vec
25-11-2015 - 15:35 21-10-2014 - 10:55
CVE-2015-7808 7.5
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/h
25-11-2015 - 15:23 24-11-2015 - 15:59
CVE-2011-0961 4.3
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
24-11-2015 - 13:08 20-05-2011 - 18:55
CVE-2015-2049 9.0
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
24-11-2015 - 11:54 23-02-2015 - 12:59
CVE-2015-1365 5.0
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
23-11-2015 - 13:32 27-01-2015 - 15:04
CVE-2014-7176 6.5
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
20-11-2015 - 11:26 04-11-2014 - 10:55
CVE-2014-2928 7.1
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edg
20-11-2015 - 11:24 12-05-2014 - 10:55
CVE-2014-8690 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src para
19-11-2015 - 12:24 19-02-2015 - 10:59
CVE-2015-1497 10.0
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
19-11-2015 - 12:04 16-02-2015 - 10:59
CVE-2015-1518 7.5
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
19-11-2015 - 11:55 11-02-2015 - 14:59
CVE-2014-1222 4.0
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that thi
19-11-2015 - 11:54 12-08-2014 - 19:55
CVE-2015-7897 7.5
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP ima
17-11-2015 - 12:54 16-11-2015 - 14:59
CVE-2013-3532 7.5
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.
17-11-2015 - 11:17 10-05-2013 - 17:55
CVE-2014-0995 5.0
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.
04-11-2015 - 14:28 06-11-2014 - 10:55
CVE-2015-8038 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
03-11-2015 - 18:12 02-11-2015 - 14:59
CVE-2015-8037 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
03-11-2015 - 18:11 02-11-2015 - 14:59
CVE-2015-5285 5.0
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
30-10-2015 - 16:00 29-10-2015 - 16:59
CVE-2015-0065 9.3
Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability."
30-10-2015 - 15:27 10-02-2015 - 22:01
CVE-2015-0010 1.9
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Wi
30-10-2015 - 15:06 10-02-2015 - 22:00
CVE-2015-0003 6.9
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users
30-10-2015 - 15:03 10-02-2015 - 22:00
CVE-2015-7904 6.5
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
28-10-2015 - 17:05 28-10-2015 - 06:59
CVE-2015-7903 6.5
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
28-10-2015 - 17:05 28-10-2015 - 06:59
CVE-2015-7901 6.5
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
28-10-2015 - 17:05 28-10-2015 - 06:59
CVE-2015-7900 4.3
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.
28-10-2015 - 17:04 28-10-2015 - 06:59
CVE-2015-6494 3.5
Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
28-10-2015 - 17:04 28-10-2015 - 06:59
CVE-2015-6493 6.8
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
28-10-2015 - 17:03 28-10-2015 - 06:59
CVE-2015-7902 5.0
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of reques
28-10-2015 - 14:33 28-10-2015 - 06:59
CVE-2014-8868 7.8
EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4.
28-10-2015 - 14:09 07-12-2014 - 16:59
CVE-2014-9303 7.8
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.
28-10-2015 - 14:05 07-12-2014 - 16:59
CVE-2015-0064 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial
23-10-2015 - 13:01 10-02-2015 - 22:01
CVE-2015-0060 4.7
The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1
23-10-2015 - 12:56 10-02-2015 - 22:01
CVE-2015-0059 6.9
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka
23-10-2015 - 12:50 10-02-2015 - 22:01
CVE-2015-0058 7.2
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerabil
23-10-2015 - 12:50 10-02-2015 - 22:01
CVE-2015-0057 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users
23-10-2015 - 12:49 10-02-2015 - 22:01
CVE-2015-1318 7.2
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
23-10-2015 - 12:02 17-04-2015 - 13:59
CVE-2015-2314 7.5
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
22-10-2015 - 10:43 17-03-2015 - 11:59
CVE-2014-2303 7.5
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
21-10-2015 - 12:32 13-06-2014 - 10:55
CVE-2015-7602 7.8
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
13-10-2015 - 12:52 29-09-2015 - 15:59
CVE-2014-1695 4.3
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
13-10-2015 - 12:35 28-02-2014 - 19:01
CVE-2015-7767 7.5
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.
09-10-2015 - 17:14 09-10-2015 - 10:59
CVE-2015-7766 9.0
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
09-10-2015 - 13:43 09-10-2015 - 10:59
CVE-2015-7765 9.0
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
09-10-2015 - 13:42 09-10-2015 - 10:59
CVE-2014-6352 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploit
08-10-2015 - 12:32 22-10-2014 - 10:55
CVE-2014-4114 9.3
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Offic
08-10-2015 - 11:29 15-10-2014 - 06:55
CVE-2014-3865 6.4
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and
08-10-2015 - 11:09 30-05-2014 - 14:55
CVE-2014-2647 4.3
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
08-10-2015 - 11:01 18-10-2014 - 21:55
CVE-2013-0229 7.8
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
08-10-2015 - 10:34 31-01-2013 - 16:55
CVE-2012-6624 4.3
Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.ph
08-10-2015 - 10:34 16-01-2014 - 16:55
CVE-2015-7709 10.0
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
06-10-2015 - 19:30 05-10-2015 - 11:59
CVE-2015-7707 6.5
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
06-10-2015 - 14:13 05-10-2015 - 11:59
CVE-2014-8555 5.0
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.
05-10-2015 - 17:45 12-11-2014 - 11:55
CVE-2015-1338 7.2
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
02-10-2015 - 16:48 01-10-2015 - 16:59
CVE-2014-6446 7.5
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
01-10-2015 - 13:08 26-09-2014 - 17:55
CVE-2015-7603 7.8
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
30-09-2015 - 14:26 29-09-2015 - 15:59
CVE-2015-7601 7.8
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
30-09-2015 - 14:26 29-09-2015 - 15:59
CVE-2014-7868 7.5
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter
29-09-2015 - 15:34 04-12-2014 - 12:59
CVE-2015-3203 7.5
Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the href
29-09-2015 - 15:25 28-09-2015 - 12:59
CVE-2014-7866 7.5
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (
29-09-2015 - 15:10 10-12-2014 - 13:59
CVE-2015-7382 7.5
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.
28-09-2015 - 21:07 27-09-2015 - 22:59
CVE-2015-7381 7.5
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different i
28-09-2015 - 21:06 27-09-2015 - 22:59
CVE-2015-6009 7.5
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issu
28-09-2015 - 20:52 27-09-2015 - 22:59
CVE-2015-6008 7.5
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
28-09-2015 - 20:51 27-09-2015 - 22:59
CVE-2015-7309 6.5
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
23-09-2015 - 15:15 22-09-2015 - 11:59
CVE-2015-6972 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName par
17-09-2015 - 21:54 16-09-2015 - 15:59
CVE-2015-5465 7.2
Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.
17-09-2015 - 14:44 16-09-2015 - 14:59
CVE-2015-3623 6.4
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
17-09-2015 - 14:43 16-09-2015 - 14:59
CVE-2015-6965 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a f
17-09-2015 - 14:21 16-09-2015 - 10:59
CVE-2015-1130 7.2
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
17-09-2015 - 13:41 10-04-2015 - 10:59
CVE-2015-6967 6.5
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in co
17-09-2015 - 13:40 16-09-2015 - 10:59
CVE-2015-6945 4.3
Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.
16-09-2015 - 10:48 15-09-2015 - 14:59
CVE-2015-6944 6.8
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp.
16-09-2015 - 10:46 15-09-2015 - 14:59
CVE-2015-6912 10.0
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
14-09-2015 - 15:08 11-09-2015 - 12:59
CVE-2015-6911 7.5
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
14-09-2015 - 15:07 11-09-2015 - 12:59
CVE-2014-9208 10.0
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
14-09-2015 - 14:54 11-09-2015 - 12:59
CVE-2015-0097 9.3
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution
11-09-2015 - 11:42 11-03-2015 - 06:59
CVE-2015-0081 9.3
Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to ex
10-09-2015 - 12:01 11-03-2015 - 06:59
CVE-2014-4736 7.5
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
10-09-2015 - 11:30 24-07-2014 - 10:55
CVE-2014-7280 4.3
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
08-09-2015 - 14:20 21-10-2014 - 11:55
CVE-2015-6811 7.5
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
04-09-2015 - 14:59 04-09-2015 - 11:59
CVE-2015-6810 3.5
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_locatio
04-09-2015 - 14:59 04-09-2015 - 11:59
CVE-2014-9605 9.4
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) chara
04-09-2015 - 14:31 04-09-2015 - 11:59
CVE-2015-6809 4.3
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter
04-09-2015 - 14:26 04-09-2015 - 11:59
CVE-2014-3828 10.0
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter
31-08-2015 - 14:25 22-10-2014 - 21:55
CVE-2015-1171 10.0
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
31-08-2015 - 13:45 28-08-2015 - 17:59
CVE-2014-3997 7.5
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition bef
28-08-2015 - 11:49 05-12-2014 - 10:59
CVE-2015-6519 7.5
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
20-08-2015 - 13:38 18-08-2015 - 14:00
CVE-2015-6518 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.
19-08-2015 - 22:40 18-08-2015 - 14:00
CVE-2015-6517 6.8
Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.
19-08-2015 - 22:33 18-08-2015 - 14:00
CVE-2015-6512 5.0
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
19-08-2015 - 19:10 18-08-2015 - 11:59
CVE-2015-6516 6.5
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.
19-08-2015 - 14:51 18-08-2015 - 11:59
CVE-2015-4425 4.9
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
19-08-2015 - 14:19 18-08-2015 - 13:59
CVE-2015-2470 9.3
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underfl
18-08-2015 - 11:11 14-08-2015 - 20:59
CVE-2015-2468 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word
18-08-2015 - 10:38 14-08-2015 - 20:59
CVE-2015-2431 9.3
Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft
18-08-2015 - 10:30 14-08-2015 - 20:59
CVE-2015-2460 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5,
18-08-2015 - 03:08 14-08-2015 - 20:59
CVE-2015-2459 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
17-08-2015 - 14:32 14-08-2015 - 20:59
CVE-2015-2469 9.3
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
17-08-2015 - 13:57 14-08-2015 - 20:59
CVE-2015-2458 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote atta
17-08-2015 - 13:38 14-08-2015 - 20:59
CVE-2015-2467 9.3
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
17-08-2015 - 12:53 14-08-2015 - 20:59
CVE-2015-2432 9.3
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to exe
17-08-2015 - 12:33 14-08-2015 - 20:59
CVE-2015-4666 5.0
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
13-08-2015 - 14:29 13-08-2015 - 10:59
CVE-2015-4665 4.3
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
13-08-2015 - 14:25 13-08-2015 - 10:59
CVE-2014-2091 3.5
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the origina
13-08-2015 - 14:05 02-03-2014 - 12:55
CVE-2015-4616 5.0
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.
11-08-2015 - 10:46 08-07-2015 - 12:59
CVE-2015-4614 7.5
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-
11-08-2015 - 10:46 08-07-2015 - 12:59
CVE-2013-5954 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admi
11-08-2015 - 10:37 25-04-2014 - 10:15
CVE-2014-8954 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.ph
06-08-2015 - 12:45 17-11-2014 - 11:59
CVE-2014-8507 7.5
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, an
06-08-2015 - 12:41 15-12-2014 - 13:59
CVE-2014-8375 6.5
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php
06-08-2015 - 12:41 21-10-2014 - 10:55
CVE-2015-1489 8.5
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
03-08-2015 - 14:26 31-07-2015 - 21:59
CVE-2015-1487 5.5
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
03-08-2015 - 14:25 31-07-2015 - 21:59
CVE-2015-1486 7.5
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
03-08-2015 - 14:22 31-07-2015 - 21:59
CVE-2014-3749 7.5
SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.
31-07-2015 - 21:44 20-05-2014 - 10:55
CVE-2014-3427 5.0
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
31-07-2015 - 21:39 16-07-2014 - 10:19
CVE-2014-3210 6.5
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-aj
31-07-2015 - 21:37 22-05-2014 - 11:13
CVE-2015-2183 7.5
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an
28-07-2015 - 11:05 10-03-2015 - 10:59
CVE-2014-3439 6.1
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
28-07-2015 - 10:50 07-11-2014 - 06:55
CVE-2014-3437 7.5
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with
28-07-2015 - 10:49 07-11-2014 - 06:55
CVE-2015-2862 4.0
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
22-07-2015 - 07:21 20-07-2015 - 19:59
CVE-2015-2863 4.3
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac
21-07-2015 - 17:11 20-07-2015 - 19:59
CVE-2015-5530 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/crea
21-07-2015 - 07:26 16-07-2015 - 11:59
CVE-2015-5529 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to das
21-07-2015 - 07:25 16-07-2015 - 11:59
CVE-2015-5520 4.3
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly
17-07-2015 - 18:32 14-07-2015 - 12:59
CVE-2015-2370 7.2
The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold
15-07-2015 - 11:24 14-07-2015 - 18:59
CVE-2015-2366 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "W
15-07-2015 - 11:20 14-07-2015 - 18:59
CVE-2015-2365 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows l
15-07-2015 - 11:20 14-07-2015 - 18:59
CVE-2015-1579 5.0
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerab
14-07-2015 - 14:22 11-02-2015 - 14:59
CVE-2015-1561 6.5
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands
14-07-2015 - 14:04 14-07-2015 - 12:59
CVE-2015-1560 7.5
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/Xml
14-07-2015 - 14:02 14-07-2015 - 12:59
CVE-2014-3438 4.3
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
02-07-2015 - 22:35 07-11-2014 - 06:55
CVE-2015-5150 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportH
01-07-2015 - 11:43 30-06-2015 - 10:59
CVE-2015-5148 7.5
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.
01-07-2015 - 11:36 30-06-2015 - 10:59
CVE-2014-9734 5.0
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php
01-07-2015 - 11:12 30-06-2015 - 10:59
CVE-2015-4018 6.5
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in t
25-06-2015 - 12:22 21-05-2015 - 16:59
CVE-2015-3337 4.3
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
25-06-2015 - 12:07 01-05-2015 - 11:59
CVE-2015-3325 7.5
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
25-06-2015 - 11:50 15-05-2015 - 14:59
CVE-2015-1427 7.5
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
25-06-2015 - 11:16 17-02-2015 - 10:59
CVE-2015-4658 7.5
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
19-06-2015 - 10:37 18-06-2015 - 14:59
CVE-2015-3897 5.0
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
19-06-2015 - 10:17 18-06-2015 - 14:59
CVE-2014-8606 4.0
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-adm
11-06-2015 - 14:33 10-06-2015 - 14:59
CVE-2014-8607 2.1
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.
11-06-2015 - 13:53 10-06-2015 - 14:59
CVE-2015-4465 4.3
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11-06-2015 - 13:47 10-06-2015 - 14:59
CVE-2014-8605 5.0
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request t
11-06-2015 - 13:35 10-06-2015 - 14:59
CVE-2014-8604 5.0
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.
11-06-2015 - 13:33 10-06-2015 - 14:59
CVE-2014-8603 6.5
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[ta
11-06-2015 - 13:32 10-06-2015 - 14:59
CVE-2015-1727 7.2
Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 all
10-06-2015 - 12:41 09-06-2015 - 21:59
CVE-2015-1726 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol
10-06-2015 - 12:40 09-06-2015 - 21:59
CVE-2015-1725 7.2
Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 all
10-06-2015 - 12:37 09-06-2015 - 21:59
CVE-2015-1724 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol
10-06-2015 - 11:57 09-06-2015 - 21:59
CVE-2015-1723 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol
10-06-2015 - 11:54 09-06-2015 - 21:59
CVE-2015-1722 7.2
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gol
10-06-2015 - 11:51 09-06-2015 - 21:59
CVE-2015-1721 7.2
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to g
10-06-2015 - 11:47 09-06-2015 - 21:59
CVE-2015-0779 10.0
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WA
08-06-2015 - 14:40 07-06-2015 - 19:59
CVE-2014-0999 5.0
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
03-06-2015 - 08:25 02-06-2015 - 10:59
CVE-2015-2269 3.5
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1)
02-06-2015 - 14:04 01-06-2015 - 15:59
CVE-2015-4066 6.5
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add acti
02-06-2015 - 10:08 27-05-2015 - 14:59
CVE-2015-4065 3.5
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/po
28-05-2015 - 10:57 27-05-2015 - 14:59
CVE-2015-4064 6.5
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-ad
28-05-2015 - 10:56 27-05-2015 - 14:59
CVE-2015-4063 3.5
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-a
28-05-2015 - 10:55 27-05-2015 - 14:59
CVE-2015-4062 6.5
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
28-05-2015 - 10:54 27-05-2015 - 14:59
CVE-2012-1665 7.5
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute ar
21-05-2015 - 12:54 20-05-2015 - 14:59
CVE-2012-1664 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) curr
21-05-2015 - 12:53 20-05-2015 - 14:59
CVE-2013-2131 5.0
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
19-05-2015 - 12:22 04-01-2015 - 16:59
CVE-2015-1397 6.5
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the
11-05-2015 - 22:03 29-04-2015 - 18:59
CVE-2011-4403 5.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disab
27-04-2015 - 10:28 24-04-2015 - 10:59
CVE-2014-9258 6.5
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
17-04-2015 - 21:59 19-12-2014 - 10:59
CVE-2014-9311 3.5
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action
15-04-2015 - 11:15 14-04-2015 - 10:59
CVE-2014-9146 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.
15-04-2015 - 11:11 14-04-2015 - 10:59
CVE-2014-9145 7.5
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/con
15-04-2015 - 09:20 14-04-2015 - 10:59
CVE-2014-3146 4.3
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
14-04-2015 - 22:00 14-05-2014 - 15:55
CVE-2014-0998 7.2
Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call,
13-04-2015 - 21:59 02-02-2015 - 11:59
CVE-2014-9445 7.5
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) atta
06-04-2015 - 12:55 02-01-2015 - 15:59
CVE-2015-2791 6.4
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
31-03-2015 - 13:24 30-03-2015 - 10:59
CVE-2015-2284 10.0
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.
25-03-2015 - 17:13 24-03-2015 - 13:59
CVE-2014-100003 7.5
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
24-03-2015 - 16:49 13-01-2015 - 06:59
CVE-2014-9261 5.0
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
24-03-2015 - 10:45 23-03-2015 - 12:59
CVE-2015-2564 6.5
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
23-03-2015 - 09:30 20-03-2015 - 10:59
CVE-2015-2315 4.3
Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.
18-03-2015 - 12:14 17-03-2015 - 11:59
CVE-2014-3631 7.2
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference
17-03-2015 - 22:01 28-09-2014 - 06:55
CVE-2015-2208 7.5
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
12-03-2015 - 12:42 12-03-2015 - 10:59
CVE-2015-2182 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The sea
11-03-2015 - 15:38 11-03-2015 - 10:59
CVE-2014-9566 7.5
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Net
11-03-2015 - 15:19 10-03-2015 - 10:59
CVE-2010-5322 4.3
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
11-03-2015 - 11:05 11-03-2015 - 10:59
CVE-2015-2184 5.0
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.
11-03-2015 - 10:55 10-03-2015 - 10:59
CVE-2015-2199 6.5
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-a
04-03-2015 - 14:14 03-03-2015 - 14:59
CVE-2015-2198 4.3
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly hand
04-03-2015 - 14:13 03-03-2015 - 14:59
CVE-2015-2196 7.5
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
04-03-2015 - 14:11 03-03-2015 - 14:59
CVE-2011-0538 6.8
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have uns
25-02-2015 - 21:59 08-02-2011 - 17:00
CVE-2015-1517 6.0
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.
23-02-2015 - 14:08 20-02-2015 - 11:59
CVE-2015-0318 10.0
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a d
20-02-2015 - 22:01 05-02-2015 - 19:59
CVE-2015-1587 7.5
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a reques
20-02-2015 - 20:33 19-02-2015 - 10:59
CVE-2015-1515 7.2
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL
20-02-2015 - 20:23 19-02-2015 - 10:59
CVE-2015-1305 6.9
McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call.
19-02-2015 - 13:57 06-02-2015 - 10:59
CVE-2014-8653 4.3
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.
18-02-2015 - 13:04 06-11-2014 - 10:55
CVE-2014-8498 6.5
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL comman
18-02-2015 - 13:02 17-11-2014 - 11:59
CVE-2014-9301 6.4
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI
17-02-2015 - 10:29 07-12-2014 - 16:59
CVE-2014-9632 7.2
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0
17-02-2015 - 10:28 06-02-2015 - 10:59
CVE-2014-7196
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a duplicate of CVE-2014-7169. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-7169 instead of this candidat
15-02-2015 - 15:59 15-02-2015 - 15:59
CVE-2015-0311 10.0
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited i
13-02-2015 - 22:00 23-01-2015 - 16:59
CVE-2015-1471 7.5
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
13-02-2015 - 15:57 12-02-2015 - 11:59
CVE-2015-1578 5.8
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2
12-02-2015 - 12:53 11-02-2015 - 14:59
CVE-2015-1577 6.4
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
12-02-2015 - 12:53 11-02-2015 - 14:59
CVE-2015-1576 7.5
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/;
12-02-2015 - 12:52 11-02-2015 - 14:59
CVE-2015-1575 4.3
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php;
12-02-2015 - 12:51 11-02-2015 - 14:59
CVE-2014-9643 7.2
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950
09-02-2015 - 11:09 06-02-2015 - 10:59
CVE-2014-9642 7.2
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.
09-02-2015 - 11:09 06-02-2015 - 10:59
CVE-2014-9641 7.2
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.
09-02-2015 - 11:02 06-02-2015 - 10:59
CVE-2015-1467 7.5
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
09-02-2015 - 09:15 06-02-2015 - 10:59
CVE-2015-1479 6.5
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
06-02-2015 - 15:40 04-02-2015 - 11:59
CVE-2014-8272 5.0
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-f
05-02-2015 - 15:13 19-12-2014 - 06:59
CVE-2014-8517 7.5
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an H
05-02-2015 - 13:18 17-11-2014 - 11:59
CVE-2015-1482 5.0
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
05-02-2015 - 12:26 04-02-2015 - 13:59
CVE-2015-1481 6.5
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
05-02-2015 - 11:09 04-02-2015 - 13:59
CVE-2015-1478 4.3
Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.
04-02-2015 - 14:54 04-02-2015 - 11:59
CVE-2015-1477 7.5
SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.
04-02-2015 - 14:54 04-02-2015 - 11:59
CVE-2015-1480 4.0
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/
04-02-2015 - 14:43 04-02-2015 - 11:59
CVE-2015-1476 7.5
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
04-02-2015 - 14:40 04-02-2015 - 11:59
CVE-2014-9331 6.8
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to S
04-02-2015 - 12:29 04-02-2015 - 11:59
CVE-2015-1428 7.5
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands vi
04-02-2015 - 11:59 03-02-2015 - 11:59
CVE-2015-1400 7.5
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
04-02-2015 - 11:58 03-02-2015 - 11:59
CVE-2014-9633 7.5
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
04-02-2015 - 11:39 03-02-2015 - 11:59
CVE-2014-8612 4.6
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function,
04-02-2015 - 00:09 02-02-2015 - 11:59
CVE-2015-1422 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak
02-02-2015 - 11:52 29-01-2015 - 10:59
CVE-2015-1424 6.8
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
30-01-2015 - 14:05 29-01-2015 - 10:59
CVE-2015-1423 6.5
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
30-01-2015 - 14:04 29-01-2015 - 10:59
CVE-2015-1368 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) u
28-01-2015 - 14:01 27-01-2015 - 15:04
CVE-2015-1376 4.0
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
28-01-2015 - 12:05 28-01-2015 - 06:59
CVE-2015-1375 7.5
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
28-01-2015 - 11:50 28-01-2015 - 06:59
CVE-2015-1362 7.5
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
28-01-2015 - 11:17 27-01-2015 - 15:04
CVE-2015-1364 7.5
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
28-01-2015 - 10:53 27-01-2015 - 15:04
CVE-2015-1372 7.5
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
27-01-2015 - 23:13 27-01-2015 - 15:04
CVE-2015-1371 7.5
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/.
27-01-2015 - 23:13 27-01-2015 - 15:04
CVE-2015-1374 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3)
27-01-2015 - 21:24 27-01-2015 - 15:04
CVE-2015-1373 4.3
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not pr
27-01-2015 - 21:24 27-01-2015 - 15:04
CVE-2014-8802 5.0
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verif
26-01-2015 - 07:56 23-01-2015 - 10:59
CVE-2015-1028 3.5
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configur
26-01-2015 - 07:55 21-01-2015 - 10:28
CVE-2015-0925 9.0
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrate
23-01-2015 - 21:26 22-01-2015 - 09:02
CVE-2015-0554 9.4
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (devi
23-01-2015 - 15:43 21-01-2015 - 13:59
CVE-2014-9598 6.8
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
22-01-2015 - 10:44 21-01-2015 - 10:17
CVE-2014-9597 6.8
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.
22-01-2015 - 10:43 21-01-2015 - 10:17
CVE-2014-9195 7.5
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.
22-01-2015 - 10:18 16-01-2015 - 21:59
CVE-2014-8386 7.5
Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.
21-01-2015 - 12:38 20-01-2015 - 10:59
CVE-2015-1060 5.8
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
20-01-2015 - 09:20 16-01-2015 - 10:59
CVE-2015-1059 6.5
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/u
20-01-2015 - 09:02 16-01-2015 - 10:59
CVE-2015-1058 4.3
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/
20-01-2015 - 09:01 16-01-2015 - 10:59
CVE-2015-1057 4.3
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
20-01-2015 - 09:00 16-01-2015 - 10:59
CVE-2015-1054 3.5
Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.
20-01-2015 - 08:58 16-01-2015 - 10:59
CVE-2014-9308 6.5
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an
16-01-2015 - 11:29 15-01-2015 - 10:59
CVE-2014-100039 2.1
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from thi
14-01-2015 - 15:02 13-01-2015 - 10:59
CVE-2014-100013 4.3
Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field.
14-01-2015 - 14:45 13-01-2015 - 10:59
CVE-2014-10011 7.5
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3)
14-01-2015 - 08:39 13-01-2015 - 06:59
CVE-2014-10013 7.5
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
13-01-2015 - 19:15 13-01-2015 - 06:59
CVE-2013-7420 7.5
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.
13-01-2015 - 15:45 12-01-2015 - 12:59
CVE-2014-62771
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271. Reason: This candidate is a duplicate of CVE-2014-6271. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6271 instead of this candidate
13-01-2015 - 06:59 13-01-2015 - 06:59
CVE-2014-8810 6.5
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
12-01-2015 - 02:12 24-12-2014 - 13:59
CVE-2014-4644 7.5
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
12-01-2015 - 02:10 25-06-2014 - 16:55
CVE-2014-9582 4.3
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly
10-01-2015 - 21:59 08-01-2015 - 15:59
CVE-2014-9581 5.0
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; s
10-01-2015 - 21:59 08-01-2015 - 15:59
CVE-2014-9580 4.3
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-11
10-01-2015 - 21:59 08-01-2015 - 14:59
CVE-2014-9456 10.0
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more infor
10-01-2015 - 21:59 02-01-2015 - 15:59
CVE-2014-9440 7.5
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
10-01-2015 - 21:59 02-01-2015 - 14:59
CVE-2011-3713 5.0
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files.
09-01-2015 - 21:59 23-09-2011 - 19:55
CVE-2014-1155
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9580. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs wi
09-01-2015 - 19:59 09-01-2015 - 19:59
CVE-2014-1137
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-2014-9582. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accid
09-01-2015 - 19:59 09-01-2015 - 19:59
CVE-2014-1004
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9456. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs wi
09-01-2015 - 19:59 09-01-2015 - 19:59
CVE-2015-0919 7.5
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
08-01-2015 - 14:55 08-01-2015 - 10:59
CVE-2014-9567 7.5
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to th
08-01-2015 - 14:19 07-01-2015 - 13:59
CVE-2014-9473 7.5
Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, the
08-01-2015 - 14:06 07-01-2015 - 19:59
CVE-2014-9528 7.5
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter
06-01-2015 - 14:58 06-01-2015 - 10:59
CVE-2014-9522 4.3
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.
06-01-2015 - 11:55 05-01-2015 - 15:59
CVE-2014-9516 4.3
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
06-01-2015 - 11:48 05-01-2015 - 15:59
CVE-2014-9448 7.5
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
05-01-2015 - 22:03 02-01-2015 - 15:59
CVE-2014-9457 6.5
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.
05-01-2015 - 18:41 02-01-2015 - 15:59
CVE-2014-9439 4.3
Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp.
05-01-2015 - 16:14 02-01-2015 - 14:59
CVE-2014-9436 5.0
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
05-01-2015 - 16:12 02-01-2015 - 14:59
CVE-2014-9435 6.5
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username par
05-01-2015 - 16:08 02-01-2015 - 14:59
CVE-2014-9434 3.5
Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.
05-01-2015 - 16:07 02-01-2015 - 14:59
CVE-2014-9464 7.5
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
05-01-2015 - 13:31 03-01-2015 - 17:59
CVE-2014-5462 6.5
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_na
02-01-2015 - 20:34 08-12-2014 - 11:59
CVE-2014-9119 5.0
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
02-01-2015 - 20:30 31-12-2014 - 17:59
CVE-2014-9254 7.5
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
02-01-2015 - 20:30 31-12-2014 - 16:59
CVE-2014-9016 5.0
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
30-12-2014 - 16:11 24-11-2014 - 10:59
CVE-2014-4322 7.2
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl ca
24-12-2014 - 12:03 24-12-2014 - 10:59
CVE-2014-9412 4.3
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in
23-12-2014 - 14:13 23-12-2014 - 06:59
CVE-2014-9115 7.5
SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.
23-12-2014 - 14:12 23-12-2014 - 06:59
CVE-2014-5216 4.3
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the e
23-12-2014 - 14:07 23-12-2014 - 06:59
CVE-2014-9350 5.0
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.
23-12-2014 - 12:12 08-12-2014 - 11:59
CVE-2014-9348 7.5
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
23-12-2014 - 12:10 08-12-2014 - 11:59
CVE-2014-9349 4.3
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.
23-12-2014 - 12:09 08-12-2014 - 11:59
CVE-2014-9141 7.2
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
17-12-2014 - 11:17 02-12-2014 - 20:59
CVE-2014-8493 5.0
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
16-12-2014 - 22:00 20-11-2014 - 12:50
CVE-2014-7178 9.3
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
16-12-2014 - 21:46 28-11-2014 - 10:59
CVE-2014-8791 6.0
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
16-12-2014 - 14:23 01-12-2014 - 20:59
CVE-2014-9347 7.5
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
16-12-2014 - 11:37 08-12-2014 - 11:59
CVE-2014-2973
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in t
15-12-2014 - 13:59 15-12-2014 - 13:59
CVE-2014-9113 7.2
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinServic
15-12-2014 - 11:27 02-12-2014 - 11:59
CVE-2014-9344 6.8
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snow
09-12-2014 - 16:49 08-12-2014 - 11:59
CVE-2014-9345 7.5
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi.
09-12-2014 - 16:49 08-12-2014 - 11:59
CVE-2014-9302 5.0
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI i
09-12-2014 - 15:06 07-12-2014 - 16:59
CVE-2014-9265 6.8
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
09-12-2014 - 13:50 08-12-2014 - 11:59
CVE-2014-9305 6.5
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_p
09-12-2014 - 13:21 08-12-2014 - 11:59
CVE-2014-4880 7.5
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.
08-12-2014 - 11:00 08-12-2014 - 06:59
CVE-2014-9178 7.5
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the
08-12-2014 - 10:25 02-12-2014 - 11:59
CVE-2014-9144 7.5
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
05-12-2014 - 20:41 05-12-2014 - 10:59
CVE-2014-9215 7.5
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the em
05-12-2014 - 20:36 05-12-2014 - 10:59
CVE-2014-9143 4.3
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
05-12-2014 - 15:00 05-12-2014 - 10:59
CVE-2014-9142 4.3
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
05-12-2014 - 14:59 05-12-2014 - 10:59
CVE-2014-8877 10.0
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, w
05-12-2014 - 14:20 05-12-2014 - 13:59
CVE-2014-8800 4.3
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_up
05-12-2014 - 14:17 05-12-2014 - 10:59
CVE-2014-8728 7.5
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
05-12-2014 - 10:50 02-12-2014 - 11:59
CVE-2014-8773 6.8
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.
05-12-2014 - 10:35 03-12-2014 - 13:59
CVE-2014-8775 5.0
MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
05-12-2014 - 10:28 03-12-2014 - 13:59
CVE-2014-8774 4.3
Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.
05-12-2014 - 09:28 03-12-2014 - 13:59
CVE-2014-9235 6.5
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id paramete
05-12-2014 - 09:10 03-12-2014 - 16:59
CVE-2014-9236 4.3
Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.
05-12-2014 - 09:05 03-12-2014 - 16:59
CVE-2014-9237 7.5
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
05-12-2014 - 09:04 03-12-2014 - 16:59
CVE-2014-9240 7.5
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
05-12-2014 - 08:56 03-12-2014 - 16:59
CVE-2014-9241 4.3
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig actio
05-12-2014 - 08:55 03-12-2014 - 16:59
CVE-2014-9242 7.5
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
05-12-2014 - 08:54 03-12-2014 - 16:59
CVE-2014-9243 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3)
05-12-2014 - 08:50 03-12-2014 - 16:59
CVE-2014-6034 5.0
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote aut
05-12-2014 - 08:45 04-12-2014 - 12:59
CVE-2014-9173 7.5
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
03-12-2014 - 15:00 02-12-2014 - 11:59
CVE-2014-9179 4.0
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
03-12-2014 - 14:08 02-12-2014 - 11:59
CVE-2014-9175 7.5
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
03-12-2014 - 13:42 02-12-2014 - 11:59
CVE-2014-5284 7.2
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before
02-12-2014 - 09:08 01-12-2014 - 20:59
CVE-2014-8801 5.0
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax
28-11-2014 - 14:13 28-11-2014 - 10:59
CVE-2014-8799 5.0
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
28-11-2014 - 14:08 28-11-2014 - 10:59
CVE-2014-8425 7.8
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
28-11-2014 - 13:17 28-11-2014 - 10:59
CVE-2014-8424 7.8
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
28-11-2014 - 13:04 28-11-2014 - 10:59
CVE-2014-8423 10.0
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.
28-11-2014 - 13:00 28-11-2014 - 10:59
CVE-2014-9097 7.5
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid paramete
28-11-2014 - 09:10 26-11-2014 - 10:59
CVE-2014-9094 4.3
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand
28-11-2014 - 08:46 26-11-2014 - 10:59
CVE-2014-9099 6.8
Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense
26-11-2014 - 16:55 26-11-2014 - 10:59
CVE-2014-8469 4.3
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.
24-11-2014 - 10:31 21-11-2014 - 10:59
CVE-2014-8681 7.5
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issue
24-11-2014 - 10:16 21-11-2014 - 10:59
CVE-2014-8682 7.5
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in
24-11-2014 - 10:15 21-11-2014 - 10:59
CVE-2014-9005 7.5
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php.
20-11-2014 - 10:09 20-11-2014 - 08:55
CVE-2014-9001 6.5
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.
20-11-2014 - 10:09 20-11-2014 - 08:55
CVE-2014-9004 4.3
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
20-11-2014 - 10:07 20-11-2014 - 08:55
CVE-2014-9000 6.5
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user.
20-11-2014 - 10:00 20-11-2014 - 08:55
CVE-2014-8997 7.5
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct r
20-11-2014 - 09:55 20-11-2014 - 08:55
CVE-2014-8998 6.5
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
20-11-2014 - 09:43 20-11-2014 - 08:55
CVE-2014-8995 5.0
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
20-11-2014 - 09:29 20-11-2014 - 08:55
CVE-2014-8387 9.0
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
20-11-2014 - 09:22 20-11-2014 - 08:55
CVE-2014-8953 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/ad
17-11-2014 - 17:57 17-11-2014 - 11:59
CVE-2014-8596 7.5
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/adm
17-11-2014 - 17:42 17-11-2014 - 11:59
CVE-2014-8499 6.5
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH
17-11-2014 - 17:26 17-11-2014 - 11:59
CVE-2014-8770 9.0
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file t
14-11-2014 - 10:27 13-11-2014 - 16:32
CVE-2014-8652 5.0
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.
14-11-2014 - 08:44 10-11-2014 - 06:55
CVE-2014-8586 7.5
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
10-11-2014 - 11:16 04-11-2014 - 10:55
CVE-2014-8657 5.0
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.
06-11-2014 - 14:24 06-11-2014 - 10:55
CVE-2014-8656 10.0
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attacke
06-11-2014 - 14:20 06-11-2014 - 10:55
CVE-2014-8655 5.0
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData coo
06-11-2014 - 14:12 06-11-2014 - 10:55
CVE-2014-8654 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators f
06-11-2014 - 14:05 06-11-2014 - 10:55
CVE-2013-7057 6.8
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
05-11-2014 - 08:38 04-11-2014 - 10:55
CVE-2014-4311 5.0
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
04-11-2014 - 22:50 03-11-2014 - 21:55
CVE-2014-5507 7.2
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
04-11-2014 - 17:10 03-11-2014 - 11:55
CVE-2014-8577 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) dat
03-11-2014 - 20:09 31-10-2014 - 10:55
CVE-2013-3304 5.0
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
31-10-2014 - 15:04 30-10-2014 - 10:55
CVE-2012-5702 4.3
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3
24-10-2014 - 09:06 21-10-2014 - 10:55
CVE-2014-7281 6.8
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/
24-10-2014 - 09:02 23-10-2014 - 10:55
CVE-2012-5701 6.8
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a department
24-10-2014 - 08:46 20-10-2014 - 11:55
CVE-2014-8295 7.5
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
21-10-2014 - 21:40 15-10-2014 - 10:55
CVE-2014-4312 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to
15-10-2014 - 12:55 10-10-2014 - 10:55
CVE-2014-3671
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-716
13-10-2014 - 14:55 13-10-2014 - 14:55
CVE-2014-7226 7.5
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
10-10-2014 - 15:59 09-10-2014 - 21:55
CVE-2014-5300 5.0
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.
09-10-2014 - 13:48 08-10-2014 - 15:55
CVE-2014-5308 9.0
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
09-10-2014 - 08:55 08-10-2014 - 13:55
CVE-2014-6389 7.5
backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter.
07-10-2014 - 21:47 06-10-2014 - 19:55
CVE-2013-1436 7.5
The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an acti
07-10-2014 - 19:33 06-10-2014 - 19:55
CVE-2013-2645 9.3
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP direc
06-10-2014 - 14:50 05-10-2014 - 21:55
CVE-2014-7227
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-716
03-10-2014 - 14:55 03-10-2014 - 14:55
CVE-2014-7190 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
01-10-2014 - 15:30 30-09-2014 - 12:55
CVE-2013-3083 6.8
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via
30-09-2014 - 21:04 29-09-2014 - 18:55
CVE-2014-5189 7.5
SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
25-09-2014 - 09:09 07-08-2014 - 07:13
CVE-2014-3659
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE
25-09-2014 - 06:55 25-09-2014 - 06:55
CVE-2012-1506 6.5
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php.
18-09-2014 - 10:53 17-09-2014 - 10:55
CVE-2012-1507 4.3
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates
18-09-2014 - 10:38 17-09-2014 - 10:55
CVE-2012-1556 4.3
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
16-09-2014 - 12:29 12-09-2014 - 10:55
CVE-2012-0984 4.3
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target par
11-09-2014 - 12:46 11-09-2014 - 10:16
CVE-2014-6235 7.5
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
11-09-2014 - 12:27 11-09-2014 - 10:16
CVE-2012-4768 4.3
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
05-09-2014 - 09:51 04-09-2014 - 10:55
CVE-2012-4234 4.3
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
05-09-2014 - 09:19 04-09-2014 - 10:55
CVE-2014-5368 5.0
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (do
27-08-2014 - 20:53 22-08-2014 - 10:55
CVE-2014-5097 7.5
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
27-08-2014 - 01:37 22-08-2014 - 10:55
CVE-2014-5200 7.5
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
13-08-2014 - 14:04 12-08-2014 - 16:55
CVE-2014-3854 6.8
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter.
07-08-2014 - 12:24 07-08-2014 - 07:13
CVE-2014-5180 6.5
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action t
07-08-2014 - 08:30 06-08-2014 - 15:55
CVE-2013-5092 4.3
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
06-08-2014 - 09:05 29-01-2014 - 13:55
CVE-2014-5101 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip
04-08-2014 - 11:29 25-07-2014 - 15:55
CVE-2014-5112 7.5
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
29-07-2014 - 10:09 28-07-2014 - 11:55
CVE-2014-5111 5.0
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg
29-07-2014 - 09:51 28-07-2014 - 11:55
CVE-2014-5109 7.5
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
29-07-2014 - 09:39 28-07-2014 - 11:55
CVE-2014-5104 7.5
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_bann
29-07-2014 - 09:04 28-07-2014 - 11:55
CVE-2014-2227 6.0
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin P
28-07-2014 - 08:48 25-07-2014 - 15:55
CVE-2014-4937 5.0
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
14-07-2014 - 14:29 11-07-2014 - 16:55
CVE-2014-4939 6.5
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
14-07-2014 - 14:27 11-07-2014 - 16:55
CVE-2014-4940 5.0
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
14-07-2014 - 14:25 11-07-2014 - 16:55
CVE-2014-4944 6.5
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.p
14-07-2014 - 14:15 14-07-2014 - 10:55
CVE-2014-4938 7.5
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
14-07-2014 - 13:42 11-07-2014 - 16:55
CVE-2014-4852 7.5
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
10-07-2014 - 20:08 10-07-2014 - 12:55
CVE-2014-4741 7.5
SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
10-07-2014 - 09:49 09-07-2014 - 10:55
CVE-2014-2934 7.5
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
01-07-2014 - 13:57 08-05-2014 - 06:55
CVE-2014-4030 6.8
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
26-06-2014 - 10:25 25-06-2014 - 16:55
CVE-2013-3081 7.5
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
24-06-2014 - 11:18 09-06-2014 - 15:55
CVE-2013-3082 4.3
Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.
24-06-2014 - 11:16 09-06-2014 - 15:55
CVE-2014-0007 7.5
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
23-06-2014 - 10:45 20-06-2014 - 10:55
CVE-2011-4367 5.0
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.
20-06-2014 - 08:44 19-06-2014 - 10:55
CVE-2014-0910 3.5
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vecto
19-06-2014 - 11:16 18-06-2014 - 12:55
CVE-2014-2946 6.8
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform A
18-06-2014 - 00:32 02-06-2014 - 15:55
CVE-2014-4163 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a c
17-06-2014 - 10:39 16-06-2014 - 14:55
CVE-2013-2182 5.8
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
13-06-2014 - 12:26 13-06-2014 - 10:55
CVE-2013-4727 5.0
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
09-06-2014 - 10:19 06-06-2014 - 10:55
CVE-2014-3935 7.5
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
03-06-2014 - 07:08 02-06-2014 - 10:55
CVE-2014-3934 7.5
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
03-06-2014 - 07:03 02-06-2014 - 10:55
CVE-2013-2107 6.8
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailo
29-05-2014 - 20:32 22-05-2014 - 20:55
CVE-2012-0943 2.1
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT
29-05-2014 - 20:19 22-05-2014 - 19:55
CVE-2014-3866 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passw
29-05-2014 - 19:22 26-05-2014 - 15:55
CVE-2014-3442 4.3
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
27-05-2014 - 10:04 23-05-2014 - 10:55
CVE-2014-3444 9.3
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
20-05-2014 - 15:35 20-05-2014 - 07:13
CVE-2014-2989 6.8
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add.
16-05-2014 - 00:26 13-05-2014 - 10:55
CVE-2014-3441 4.3
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
15-05-2014 - 14:58 14-05-2014 - 15:55
CVE-2014-1849 10.0
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by mo
14-05-2014 - 14:43 13-05-2014 - 20:55
CVE-2013-5572 3.5
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
09-05-2014 - 23:58 30-09-2013 - 23:48
CVE-2013-2504 4.3
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
05-05-2014 - 01:22 28-12-2013 - 23:25
CVE-2007-6587 7.5
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
05-05-2014 - 00:00 28-12-2007 - 16:46
CVE-2014-1322 4.9
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the obj
24-04-2014 - 09:56 23-04-2014 - 07:52
CVE-2013-7196 5.5
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
21-04-2014 - 11:40 18-04-2014 - 18:14
CVE-2014-0358 7.8
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download
15-04-2014 - 15:07 15-04-2014 - 06:55
CVE-2012-6643 7.5
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of th
08-04-2014 - 13:31 08-04-2014 - 10:22
CVE-2011-4958 4.3
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as dem
08-04-2014 - 11:40 08-04-2014 - 10:22
CVE-2013-2287 4.3
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
04-04-2014 - 12:01 04-04-2014 - 10:55
CVE-2012-6429 10.0
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.
04-04-2014 - 11:44 04-04-2014 - 10:55
CVE-2013-0807 4.3
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section actio
31-03-2014 - 09:40 28-03-2014 - 11:55
CVE-2013-7346 6.8
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to
27-03-2014 - 14:56 27-03-2014 - 12:55
CVE-2013-2559 6.5
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers
27-03-2014 - 14:36 27-03-2014 - 12:55
CVE-2013-1408 6.5
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: t
24-03-2014 - 18:10 24-03-2014 - 12:43
CVE-2012-6430 4.3
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this mi
24-03-2014 - 14:27 24-03-2014 - 12:43
CVE-2014-2339 6.5
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.
20-03-2014 - 12:46 19-03-2014 - 10:17
CVE-2013-4579 4.3
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote atta
16-03-2014 - 00:39 20-11-2013 - 08:19
CVE-2010-4172 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to s
16-03-2014 - 00:08 26-11-2010 - 15:00
CVE-2013-1636 4.3
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4
14-03-2014 - 14:39 12-03-2014 - 10:55
CVE-2013-2289 4.3
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
11-03-2014 - 20:38 11-03-2014 - 15:37
CVE-2014-2211 7.5
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
07-03-2014 - 15:32 03-03-2014 - 11:55
CVE-2013-6480 2.1
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
05-03-2014 - 23:49 07-01-2014 - 13:55
CVE-2013-0221 4.3
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based
05-03-2014 - 13:15 23-11-2013 - 13:55
CVE-2013-1409 4.3
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
04-03-2014 - 11:11 03-03-2014 - 11:55
CVE-2014-1597 7.5
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
28-02-2014 - 10:25 27-02-2014 - 10:55
CVE-2012-6608 4.3
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.
27-02-2014 - 16:47 25-11-2013 - 14:55
CVE-2011-3315 7.8
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Inter
27-02-2014 - 16:37 27-10-2011 - 17:55
CVE-2013-7278 7.5
SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp.
25-02-2014 - 13:01 08-01-2014 - 10:30
CVE-2013-7097 5.0
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
25-02-2014 - 09:05 08-01-2014 - 10:29
CVE-2013-7240 5.0