CVEs from 2015
Total: 7,261
- critical: 1,307
- high: 1,666
- medium: 3,616
- low: 554
% Critical: 18.0%
% with KEV: 0.6%
% with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1328 | high | 7.8 | 8.8 | 10y ago | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem director… | |||
| CVE-2015-6397 | high | 8.8 | 8.8 | 10y ago | Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that acco… | |||
| CVE-2015-6396 | high | 7.8 | 8.8 | 10y ago | The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux5816… | |||
| CVE-2015-8157 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Contro… | |||
| CVE-2015-0569 | high | 7.8 | 8.8 | 10y ago | Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation C… | |||
| CVE-2015-8823 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |||
| CVE-2015-7801 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file. | |||
| CVE-2015-7378 | high | 7.8 | 8.8 | 10y ago | Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda… | |||
| CVE-2015-8540 | high | 8.8 | 8.8 | 10y ago | Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.… | |||
| CVE-2015-8604 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in… | |||
| CVE-2015-7330 | high | 8.8 | 8.8 | 10y ago | Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. | |||
| CVE-2015-8840 | high | 8.8 | 8.8 | 10y ago | The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly h… | |||
| CVE-2015-8154 | high | 8.8 | 8.8 | 10y ago | The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code… | |||
| CVE-2015-8153 | high | 8.8 | 8.8 | 10y ago | SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-7446 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitr… | |||
| CVE-2015-8822 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8821 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8820 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8658 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8657 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8656 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8655 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8654 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8653 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8652 | high | 8.8 | 8.8 | 10y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-6022 | high | 8.8 | 8.8 | 10y ago | Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file v… | |||
| CVE-2015-5351 | high | 8.8 | 8.8 | 10y ago | The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh… | |||
| CVE-2015-5338 | high | 8.8 | 8.8 | 10y ago | Moodle multiple cross-site request forgery (CSRF) vulnerabilities | |||
| CVE-2015-5050 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.… | |||
| CVE-2015-7678 | high | 8.8 | 8.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vecto… | |||
| CVE-2015-7538 | high | 8.8 | 8.8 | 11y ago | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | |||
| CVE-2015-7537 | high | 8.8 | 8.8 | 11y ago | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | |||
| CVE-2015-8379 | high | 8.8 | 8.8 | 11y ago | CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter | |||
| CVE-2015-5007 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authenticat… | |||
| CVE-2015-3946 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-8088 | high | 7.8 | 8.8 | 11y ago | Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 bef… | |||
| CVE-2015-7465 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack t… | |||
| CVE-2015-6639 | high | 7.8 | 8.8 | 11y ago | The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka i… | |||
| CVE-2015-5445 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown … | |||
| CVE-2015-7407 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequ… | |||
| CVE-2015-5990 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-7281 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-7278 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-2912 | high | 8.8 | 8.8 | 11y ago | OrientDB-Server vulnerable to Cross-Site Request Forgery | |||
| CVE-2015-2876 | high | 8.8 | 8.8 | 11y ago | Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows… | |||
| CVE-2015-8650 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8649 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8648 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8647 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8646 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8645 | high | 8.8 | 8.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |||
| CVE-2015-8643 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8642 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8641 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8640 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8639 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8638 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8460 | high | 8.8 | 8.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |||
| CVE-2015-7924 | high | 8.8 | 8.8 | 11y ago | eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveragi… | |||
| CVE-2015-7068 | high | 7.8 | 8.8 | 11y ago | IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL … | |||
| CVE-2015-8968 | high | 8.8 | 8.8 | 11y ago | git-fastclone permits arbitrary shell command execution from .gitmodules | |||
| CVE-2015-6984 | high | — | 8.8 | 11y ago | libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. | |||
| CVE-2015-6983 | high | — | 8.8 | 11y ago | Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. | |||
| CVE-2015-7603 | high | — | 8.8 | 11y ago | Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command. | |||
| CVE-2015-7602 | high | — | 8.8 | 11y ago | Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command. | |||
| CVE-2015-7601 | high | — | 8.8 | 11y ago | Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. | |||
| CVE-2015-5477 | high | — | 8.8 | 11y ago | named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. | |||
| CVE-2015-5374 | high | — | 8.8 | 11y ago | A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.0… | |||
| CVE-2015-3708 | high | — | 8.8 | 11y ago | kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack. | |||
| CVE-2015-1930 | high | — | 8.8 | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… | |||
| CVE-2015-4619 | high | 8.8 | 8.8 | 11y ago | Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability | |||
| CVE-2015-3000 | high | — | 8.8 | 11y ago | SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2… | |||
| CVE-2015-0970 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-2055 | high | — | 8.8 | 11y ago | Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. | |||
| CVE-2015-0973 | high | 8.8 | 8.8 | 12y ago | Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a larg… | |||
| CVE-2015-7931 | high | 8.7 | 8.7 | 11y ago | The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive informa… | |||
| CVE-2015-7865 | high | — | 8.7 | 11y ago | nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to … | |||
| CVE-2015-2120 | high | — | 8.7 | 11y ago | Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-… | |||
| CVE-2015-3456 | high | — | 8.7 | 11y ago | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb… | |||
| CVE-2015-8555 | high | 8.6 | 8.6 | 10y ago | Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains … | |||
| CVE-2015-8702 | high | 8.6 | 8.6 | 10y ago | The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\0… | |||
| CVE-2015-8616 | high | 8.6 | 8.6 | 11y ago | Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application … | |||
| CVE-2015-4988 | high | 8.6 | 8.6 | 11y ago | Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9… | |||
| CVE-2015-1779 | high | 8.6 | 8.6 | 11y ago | The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | |||
| CVE-2015-4694 | high | 8.6 | 8.6 | 11y ago | Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter. | |||
| CVE-2015-5259 | high | 8.6 | 8.6 | 11y ago | Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which … | |||
| CVE-2015-5987 | high | 8.6 | 8.6 | 11y ago | Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by pred… | |||
| CVE-2015-8263 | high | 8.6 | 8.6 | 11y ago | NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the de… | |||
| CVE-2015-7934 | high | 8.6 | 8.6 | 11y ago | The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | |||
| CVE-2015-7932 | high | 8.6 | 8.6 | 11y ago | Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2015-7907 | high | 8.6 | 8.6 | 11y ago | Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and wr… | |||
| CVE-2015-3302 | high | 7.5 | 8.5 | 9y ago | The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by … | |||
| CVE-2015-2856 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (d… | |||
| CVE-2015-4074 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download… | |||
| CVE-2015-4181 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of … | |||
| CVE-2015-7257 | high | 7.5 | 8.5 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password chang… | |||
| CVE-2015-7945 | high | 7.5 | 8.5 | 9y ago | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.… | |||
| CVE-2015-7944 | high | 7.5 | 8.5 | 9y ago | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.… | |||
| CVE-2015-5468 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to inc… | |||
| CVE-2015-7245 | high | 7.5 | 8.5 | 9y ago | Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage p… |