Max CVSS 10.0 Min CVSS 6.5 Total Count5
IDCVSSSummaryLast (major) updatePublished
CVE-2015-8355 6.5
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.ph
24-08-2017 - 17:29 24-08-2017 - 17:29
CVE-2015-8352 10.0
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
24-08-2017 - 17:29 24-08-2017 - 17:29
CVE-2015-8556 10.0
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
27-03-2017 - 15:15 24-03-2017 - 10:59
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2015-6835 7.5
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafte
29-11-2016 - 22:02 16-05-2016 - 06:59
Back to Top Mark selected
Back to Top