CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2878 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco… | |||
| CVE-2015-7715 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests th… | |||
| CVE-2015-2673 | high | 8.8 | 9.8 | 9y ago | The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a… | |||
| CVE-2015-2143 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecifi… | |||
| CVE-2015-7293 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | |||
| CVE-2015-5958 | high | 8.8 | 9.8 | 9y ago | phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | |||
| CVE-2015-7259 | high | 8.8 | 9.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login t… | |||
| CVE-2015-7258 | high | 8.8 | 9.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||
| CVE-2015-7894 | high | 8.8 | 9.8 | 9y ago | The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process… | |||
| CVE-2015-2280 | high | 8.8 | 9.8 | 9y ago | snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands v… | |||
| CVE-2015-8257 | high | 8.8 | 9.8 | 9y ago | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_… | |||
| CVE-2015-7569 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||
| CVE-2015-0104 | high | 8.8 | 9.8 | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… | |||
| CVE-2015-6568 | high | 8.8 | 9.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" … | |||
| CVE-2015-6567 | high | 8.8 | 9.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exp… | |||
| CVE-2015-8284 | high | 8.8 | 9.8 | 9y ago | SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. | |||
| CVE-2015-7563 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | |||
| CVE-2015-7893 | high | 8.8 | 9.8 | 9y ago | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | |||
| CVE-2015-8255 | high | 8.8 | 9.8 | 9y ago | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | |||
| CVE-2015-3884 | high | 8.8 | 9.8 | 9y ago | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute… | |||
| CVE-2015-4593 | high | 8.8 | 9.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content a… | |||
| CVE-2015-4592 | high | 8.8 | 9.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as… | |||
| CVE-2015-6541 | high | 8.8 | 9.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users… | |||
| CVE-2015-2023 | high | 8.8 | 9.8 | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-5996 | high | 8.8 | 9.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-8644 | high | 8.8 | 9.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |||
| CVE-2015-8636 | high | 8.8 | 9.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |||
| CVE-2015-8635 | high | 8.8 | 9.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8634 | high | 8.8 | 9.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8664 | high | 8.8 | 9.8 | 11y ago | Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly h… | |||
| CVE-2015-8279 | high | 8.6 | 9.6 | 11y ago | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | |||
| CVE-2015-1489 | high | — | 9.5 | 11y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2015-2996 | high | — | 9.5 | 11y ago | Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2… | |||
| CVE-2015-8612 | high | 8.4 | 9.4 | 11y ago | The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | |||
| CVE-2015-0008 | high | — | 9.3 | 12y ago | The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows… | |||
| CVE-2015-4075 | high | 8.1 | 9.1 | 9y ago | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | |||
| CVE-2015-3314 | high | 8.1 | 9.1 | 9y ago | SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||
| CVE-2015-7611 | high | 8.1 | 9.1 | 10y ago | Apache James Server OS Command Injection | |||
| CVE-2015-7547 | high | 8.1 | 9.1 | 10y ago | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a den… | |||
| CVE-2015-2142 | high | 8.0 | 9.0 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that caus… | |||
| CVE-2015-8356 | high | 8.0 | 9.0 | 9y ago | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to adm… | |||
| CVE-2015-7358 | high | 7.8 | 8.8 | 9y ago | The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which … | |||
| CVE-2015-3643 | high | 7.8 | 8.8 | 9y ago | usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local… | |||
| CVE-2015-1336 | high | 7.8 | 8.8 | 9y ago | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | |||
| CVE-2015-4669 | high | 7.8 | 8.8 | 9y ago | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | |||
| CVE-2015-4681 | high | 7.8 | 8.8 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | |||
| CVE-2015-7571 | high | 7.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||
| CVE-2015-3315 | high | 7.8 | 8.8 | 9y ago | Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp… | |||
| CVE-2015-1328 | high | 7.8 | 8.8 | 10y ago | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem director… | |||
| CVE-2015-6396 | high | 7.8 | 8.8 | 10y ago | The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux5816… | |||
| CVE-2015-0569 | high | 7.8 | 8.8 | 10y ago | Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation C… | |||
| CVE-2015-7378 | high | 7.8 | 8.8 | 10y ago | Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda… | |||
| CVE-2015-8088 | high | 7.8 | 8.8 | 11y ago | Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 bef… | |||
| CVE-2015-6639 | high | 7.8 | 8.8 | 11y ago | The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka i… | |||
| CVE-2015-7068 | high | 7.8 | 8.8 | 11y ago | IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL … | |||
| CVE-2015-7603 | high | — | 8.8 | 11y ago | Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command. | |||
| CVE-2015-7602 | high | — | 8.8 | 11y ago | Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command. | |||
| CVE-2015-7601 | high | — | 8.8 | 11y ago | Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. | |||
| CVE-2015-5477 | high | — | 8.8 | 11y ago | named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. | |||
| CVE-2015-5374 | high | — | 8.8 | 11y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2015-1930 | high | — | 8.8 | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… | |||
| CVE-2015-3000 | high | — | 8.8 | 11y ago | SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2… | |||
| CVE-2015-2055 | high | — | 8.8 | 11y ago | Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. | |||
| CVE-2015-7865 | high | — | 8.7 | 11y ago | nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to … | |||
| CVE-2015-3456 | high | — | 8.7 | 11y ago | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb… | |||
| CVE-2015-3302 | high | 7.5 | 8.5 | 9y ago | The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by … | |||
| CVE-2015-2856 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (d… | |||
| CVE-2015-4074 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download… | |||
| CVE-2015-4181 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of … | |||
| CVE-2015-7257 | high | 7.5 | 8.5 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password chang… | |||
| CVE-2015-7945 | high | 7.5 | 8.5 | 9y ago | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.… | |||
| CVE-2015-7944 | high | 7.5 | 8.5 | 9y ago | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.… | |||
| CVE-2015-5468 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to inc… | |||
| CVE-2015-7245 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage p… | |||
| CVE-2015-8285 | high | 7.5 | 8.5 | 9y ago | The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. | |||
| CVE-2015-8258 | high | 7.5 | 8.5 | 9y ago | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | |||
| CVE-2015-4624 | high | 7.5 | 8.5 | 9y ago | Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | |||
| CVE-2015-2080 | high | 7.5 | 8.5 | 10y ago | Jetty vulnerable to exposure of sensitive information to unauthenticated remote users | |||
| CVE-2015-8770 | high | 7.5 | 8.5 | 11y ago | Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain pe… | |||
| CVE-2015-7250 | high | 7.5 | 8.5 | 11y ago | Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getp… | |||
| CVE-2015-7248 | high | 7.5 | 8.5 | 11y ago | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability… | |||
| CVE-2015-8566 | high | — | 8.5 | 11y ago | Joomla! Framework Remote Code Injection Vulnerability | |||
| CVE-2015-8562 | high | — | 8.5 | 11y ago | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Dece… | |||
| CVE-2015-6401 | high | — | 8.5 | 11y ago | Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP r… | |||
| CVE-2015-7808 | high | — | 8.5 | 11y ago | The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted seriali… | |||
| CVE-2015-7897 | high | — | 8.5 | 11y ago | The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial o… | |||
| CVE-2015-7858 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||
| CVE-2015-7857 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL… | |||
| CVE-2015-7297 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | |||
| CVE-2015-7986 | high | — | 8.5 | 11y ago | The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 21… | |||
| CVE-2015-7007 | high | — | 8.5 | 11y ago | Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. | |||
| CVE-2015-6763 | high | — | 8.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-7768 | high | — | 8.5 | 11y ago | Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command. | |||
| CVE-2015-7767 | high | — | 8.5 | 11y ago | Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command. | |||
| CVE-2015-5074 | high | — | 8.5 | 11y ago | Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arb… | |||
| CVE-2015-3203 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request… | |||
| CVE-2015-7387 | high | — | 8.5 | 11y ago | ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallow… | |||
| CVE-2015-7382 | high | — | 8.5 | 11y ago | SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a dif… | |||
| CVE-2015-7381 | high | — | 8.5 | 11y ago | Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or… | |||
| CVE-2015-6009 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the… |