CVEs from 2015
- Total: 7,261
- Critical: 1,307
- High: 1,666
- Medium: 3,616
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1059 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it… | |||
| CVE-2015-3623 | medium | — | 7.4 | 11y ago | XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML d… | |||
| CVE-2015-1833 | medium | — | 7.4 | 11y ago | Improper Input Validation in Apache Jackrabbit | |||
| CVE-2015-3083 | medium | — | 7.4 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3082 | medium | — | 7.4 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-2791 | medium | — | 7.4 | 11y ago | The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/men… | |||
| CVE-2015-1577 | medium | — | 7.4 | 12y ago | Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. | |||
| CVE-2015-4668 | medium | 6.1 | 7.1 | 9y ago | Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | |||
| CVE-2015-5594 | medium | 6.1 | 7.1 | 9y ago | The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a… | |||
| CVE-2015-8256 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. | |||
| CVE-2015-7562 | medium | 6.1 | 7.1 | 9y ago | TeamPass vulnerable to Cross-site Scripting | |||
| CVE-2015-4591 | medium | 6.1 | 7.1 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage para… | |||
| CVE-2015-8398 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | |||
| CVE-2015-7252 | medium | 6.1 | 7.1 | 11y ago | Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the error… | |||
| CVE-2015-8368 | medium | — | 7.0 | 11y ago | ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. | |||
| CVE-2015-2803 | medium | — | 7.0 | 11y ago | SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to exec… | |||
| CVE-2015-1517 | medium | — | 7.0 | 11y ago | SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh ph… | |||
| CVE-2015-5354 | medium | — | 6.8 | 11y ago | Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/l… | |||
| CVE-2015-3624 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote a… | |||
| CVE-2015-1578 | medium | — | 6.8 | 12y ago | Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admi… | |||
| CVE-2015-1060 | medium | — | 6.8 | 12y ago | Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP… | |||
| CVE-2015-7889 | medium | 5.5 | 6.5 | 9y ago | The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service a… | |||
| CVE-2015-7898 | medium | 5.5 | 6.5 | 9y ago | Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||
| CVE-2015-7895 | medium | 5.5 | 6.5 | 9y ago | Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||
| CVE-2015-8739 | medium | 5.5 | 6.5 | 11y ago | The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cau… | |||
| CVE-2015-8736 | medium | 5.5 | 6.5 | 11y ago | The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of ser… | |||
| CVE-2015-8735 | medium | 5.5 | 6.5 | 11y ago | The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote att… | |||
| CVE-2015-8733 | medium | 5.5 | 6.5 | 11y ago | The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record len… | |||
| CVE-2015-8732 | medium | 5.5 | 6.5 | 11y ago | The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate t… | |||
| CVE-2015-8731 | medium | 5.5 | 6.5 | 11y ago | The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remo… | |||
| CVE-2015-8730 | medium | 5.5 | 6.5 | 11y ago | epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of … | |||
| CVE-2015-8729 | medium | 5.5 | 6.5 | 11y ago | The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a da… | |||
| CVE-2015-8728 | medium | 5.5 | 6.5 | 11y ago | The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.… | |||
| CVE-2015-8727 | medium | 5.5 | 6.5 | 11y ago | The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which all… | |||
| CVE-2015-8726 | medium | 5.5 | 6.5 | 11y ago | wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote… | |||
| CVE-2015-8725 | medium | 5.5 | 6.5 | 11y ago | The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv… | |||
| CVE-2015-8724 | medium | 5.5 | 6.5 | 11y ago | The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, whi… | |||
| CVE-2015-8723 | medium | 5.5 | 6.5 | 11y ago | The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total lengt… | |||
| CVE-2015-7422 | medium | 5.5 | 6.5 | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2015-1487 | medium | — | 6.5 | 11y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator pri… | |||
| CVE-2015-5149 | medium | — | 6.5 | 11y ago | Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Reque… | |||
| CVE-2015-4072 | medium | 5.4 | 6.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and m… | |||
| CVE-2015-5399 | medium | 5.4 | 6.4 | 10y ago | Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | |||
| CVE-2015-1100 | medium | — | 6.4 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content i… | |||
| CVE-2015-2826 | medium | 5.3 | 6.3 | 9y ago | WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. | |||
| CVE-2015-4071 | medium | 5.3 | 6.3 | 9y ago | The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/… | |||
| CVE-2015-5471 | medium | 5.3 | 6.3 | 11y ago | Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file par… | |||
| CVE-2015-8740 | medium | 5.3 | 6.3 | 11y ago | The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers… | |||
| CVE-2015-7254 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. | |||
| CVE-2015-5285 | medium | — | 6.0 | 11y ago | CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. | |||
| CVE-2015-7902 | medium | — | 6.0 | 11y ago | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to … | |||
| CVE-2015-6830 | medium | — | 6.0 | 11y ago | phpMyAdmin ReCaptcha bypass | |||
| CVE-2015-6908 | medium | — | 6.0 | 11y ago | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER dat… | |||
| CVE-2015-1830 | medium | — | 6.0 | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ | |||
| CVE-2015-6512 | medium | — | 6.0 | 11y ago | SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to se… | |||
| CVE-2015-5531 | medium | — | 6.0 | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch | |||
| CVE-2015-5696 | medium | — | 6.0 | 11y ago | Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||
| CVE-2015-4666 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the lo… | |||
| CVE-2015-5116 | medium | — | 6.0 | 11y ago | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Ad… | |||
| CVE-2015-4616 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id … | |||
| CVE-2015-5065 | medium | — | 6.0 | 11y ago | Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read… | |||
| CVE-2015-3897 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter… | |||
| CVE-2015-4414 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitra… | |||
| CVE-2015-4153 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the templ… | |||
| CVE-2015-4148 | medium | — | 6.0 | 11y ago | The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obta… | |||
| CVE-2015-3001 | medium | — | 6.0 | 11y ago | SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by lever… | |||
| CVE-2015-2998 | medium | — | 6.0 | 11y ago | SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-IN… | |||
| CVE-2015-2997 | medium | — | 6.0 | 11y ago | SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal… | |||
| CVE-2015-2166 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot en… | |||
| CVE-2015-2841 | medium | — | 6.0 | 11y ago | Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-s… | |||
| CVE-2015-0816 | medium | — | 6.0 | 11y ago | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScr… | |||
| CVE-2015-0802 | medium | — | 6.0 | 11y ago | Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScr… | |||
| CVE-2015-2682 | medium | — | 6.0 | 11y ago | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. | |||
| CVE-2015-2153 | medium | — | 6.0 | 11y ago | The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a craft… | |||
| CVE-2015-0252 | medium | — | 6.0 | 11y ago | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | |||
| CVE-2015-2184 | medium | — | 6.0 | 11y ago | ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. | |||
| CVE-2015-2067 | medium | — | 6.0 | 11y ago | MAGMI plugin for Magento Server Directory Traversal | |||
| CVE-2015-0923 | medium | — | 6.0 | 12y ago | The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via a… | |||
| CVE-2015-1579 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image acti… | |||
| CVE-2015-1482 | medium | — | 6.0 | 12y ago | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/. | |||
| CVE-2015-1365 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | |||
| CVE-2015-0514 | medium | — | 6.0 | 12y ago | EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decrypt… | |||
| CVE-2015-0922 | medium | — | 6.0 | 12y ago | McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by … | |||
| CVE-2015-7249 | medium | 4.9 | 5.9 | 11y ago | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support a… | |||
| CVE-2015-4425 | medium | — | 5.9 | 11y ago | Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir param… | |||
| CVE-2015-2145 | medium | 4.8 | 5.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2015-7347 | medium | 4.8 | 5.8 | 9y ago | Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. | |||
| CVE-2015-0060 | medium | — | 5.7 | 12y ago | The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Se… | |||
| CVE-2015-7515 | medium | 4.6 | 5.6 | 10y ago | The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash… | |||
| CVE-2015-7566 | medium | 4.6 | 5.6 | 11y ago | The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cras… | |||
| CVE-2015-1674 | medium | — | 5.6 | 11y ago | The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the … | |||
| CVE-2015-2572 | medium | — | 5.6 | 11y ago | Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, in… | |||
| CVE-2015-2789 | medium | — | 5.4 | 11y ago | Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse p… | |||
| CVE-2015-8309 | medium | 4.3 | 5.3 | 9y ago | Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | |||
| CVE-2015-8399 | medium | 4.3 | 5.3 | 10y ago | Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdeco… | |||
| CVE-2015-6402 | medium | — | 5.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an… | |||
| CVE-2015-6176 | medium | — | 5.3 | 11y ago | Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS… | |||
| CVE-2015-6127 | medium | — | 5.3 | 11y ago | Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Infor… | |||
| CVE-2015-6086 | medium | — | 5.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerabilit… | |||
| CVE-2015-8038 | medium | — | 5.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (… |