CVEs from 2015
- Total: 7,261
- critical: 1,307
- high: 1,666
- medium: 3,616
- low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4718 | critical | — | 9.0 | 11y ago | The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) cha… | |||
| CVE-2015-7684 | critical | — | 9.0 | 11y ago | Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessi… | |||
| CVE-2015-4930 | critical | — | 9.0 | 11y ago | IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | |||
| CVE-2015-2016 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unkno… | |||
| CVE-2015-2011 | critical | — | 9.0 | 11y ago | The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via un… | |||
| CVE-2015-3974 | critical | — | 9.0 | 11y ago | EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENS… | |||
| CVE-2015-4307 | critical | — | 9.0 | 11y ago | The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, … | |||
| CVE-2015-4304 | critical | — | 9.0 | 11y ago | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read dat… | |||
| CVE-2015-6456 | critical | — | 9.0 | 11y ago | GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequent… | |||
| CVE-2015-4947 | critical | — | 9.0 | 11y ago | Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere … | |||
| CVE-2015-4544 | critical | — | 9.0 | 11y ago | EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privil… | |||
| CVE-2015-2908 | critical | — | 9.0 | 11y ago | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbit… | |||
| CVE-2015-2907 | critical | — | 9.0 | 11y ago | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to ob… | |||
| CVE-2015-2906 | critical | — | 9.0 | 11y ago | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installatio… | |||
| CVE-2015-5406 | critical | — | 9.0 | 11y ago | HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1… | |||
| CVE-2015-4534 | critical | — | 9.0 | 11y ago | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitra… | |||
| CVE-2015-4533 | critical | — | 9.0 | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows … | |||
| CVE-2015-4532 | critical | — | 9.0 | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object type… | |||
| CVE-2015-4531 | critical | — | 9.0 | 11y ago | EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which … | |||
| CVE-2015-2474 | critical | — | 9.0 | 11y ago | Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka "Serve… | |||
| CVE-2015-5536 | critical | — | 9.0 | 11y ago | Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinC… | |||
| CVE-2015-4235 | critical | — | 9.0 | 11y ago | Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j)… | |||
| CVE-2015-5080 | critical | — | 9.0 | 11y ago | The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remo… | |||
| CVE-2015-2629 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2015-1961 | critical | — | 9.0 | 11y ago | The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated us… | |||
| CVE-2015-4525 | critical | — | 9.0 | 11y ago | The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute ar… | |||
| CVE-2015-4051 | critical | — | 9.0 | 11y ago | Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users,… | |||
| CVE-2015-4002 | critical | — | 9.0 | 11y ago | drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a d… | |||
| CVE-2015-4001 | critical | — | 9.0 | 11y ago | Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of serv… | |||
| CVE-2015-1550 | critical | — | 9.0 | 11y ago | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. | |||
| CVE-2015-2123 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access. | |||
| CVE-2015-0160 | critical | — | 9.0 | 11y ago | IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecifi… | |||
| CVE-2015-0713 | critical | — | 9.0 | 11y ago | The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.… | |||
| CVE-2015-3911 | critical | — | 9.0 | 11y ago | Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via… | |||
| CVE-2015-3990 | critical | — | 9.0 | 11y ago | The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configu… | |||
| CVE-2015-2116 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors. | |||
| CVE-2015-3144 | critical | — | 9.0 | 11y ago | The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and c… | |||
| CVE-2015-0297 | critical | — | 9.0 | 11y ago | Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) Sched… | |||
| CVE-2015-0702 | critical | — | 9.0 | 11y ago | Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the lang… | |||
| CVE-2015-0457 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2015-2112 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t52… | |||
| CVE-2015-2828 | critical | — | 9.0 | 11y ago | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | |||
| CVE-2015-0635 | critical | — | 9.0 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Aut… | |||
| CVE-2015-0980 | critical | — | 9.0 | 11y ago | Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string spec… | |||
| CVE-2015-0979 | critical | — | 9.0 | 11y ago | Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. | |||
| CVE-2015-0518 | critical | — | 9.0 | 12y ago | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser pri… | |||
| CVE-2015-0589 | critical | — | 9.0 | 12y ago | The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug… | |||
| CVE-2015-1469 | critical | — | 9.0 | 12y ago | time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP r… | |||
| CVE-2015-5081 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified … | |||
| CVE-2015-5607 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery in the REST API in IPython 2 and 3. | |||
| CVE-2015-0276 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | |||
| CVE-2015-5173 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails wit… | |||
| CVE-2015-5170 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime Cross-Site Request Forgery vulnerability | |||
| CVE-2015-5227 | high | 8.8 | 8.8 | 9y ago | The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | |||
| CVE-2015-7504 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via … | |||
| CVE-2015-7843 | high | 8.8 | 8.8 | 9y ago | The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R00… | |||
| CVE-2015-7358 | high | 7.8 | 8.8 | 9y ago | The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which … | |||
| CVE-2015-6576 | high | 8.8 | 8.8 | 9y ago | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | |||
| CVE-2015-9233 | high | 8.8 | 8.8 | 9y ago | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in… | |||
| CVE-2015-3643 | high | 7.8 | 8.8 | 9y ago | usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local… | |||
| CVE-2015-1336 | high | 7.8 | 8.8 | 9y ago | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | |||
| CVE-2015-5182 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | |||
| CVE-2015-5237 | high | 8.8 | 8.8 | 9y ago | protobuf susceptible to buffer overflow | |||
| CVE-2015-4669 | high | 7.8 | 8.8 | 9y ago | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | |||
| CVE-2015-5395 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | |||
| CVE-2015-1329 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | |||
| CVE-2015-4681 | high | 7.8 | 8.8 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | |||
| CVE-2015-4089 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the… | |||
| CVE-2015-9228 | high | 8.8 | 8.8 | 9y ago | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | |||
| CVE-2015-4724 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Concrete5 5.7.3.1. | |||
| CVE-2015-4697 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563. | |||
| CVE-2015-3450 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | |||
| CVE-2015-0853 | high | 8.8 | 8.8 | 9y ago | svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | |||
| CVE-2015-8334 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTT… | |||
| CVE-2015-3655 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators b… | |||
| CVE-2015-8332 | high | 8.8 | 8.8 | 9y ago | Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and p… | |||
| CVE-2015-1443 | high | 8.8 | 8.8 | 9y ago | The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | |||
| CVE-2015-8355 | high | 8.8 | 8.8 | 9y ago | Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" par… | |||
| CVE-2015-5258 | high | 8.8 | 8.8 | 9y ago | springframework-social Cross-Site Request Forgery vulnerability | |||
| CVE-2015-5153 | high | 8.8 | 8.8 | 9y ago | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | |||
| CVE-2015-7854 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly… | |||
| CVE-2015-7849 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via… | |||
| CVE-2015-7571 | high | 7.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||
| CVE-2015-1332 | high | 8.8 | 8.8 | 9y ago | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute a… | |||
| CVE-2015-4639 | high | 8.8 | 8.8 | 9y ago | Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web sc… | |||
| CVE-2015-3639 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | |||
| CVE-2015-3638 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to … | |||
| CVE-2015-3315 | high | 7.8 | 8.8 | 9y ago | Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp… | |||
| CVE-2015-1786 | high | 8.8 | 8.8 | 9y ago | Zend Framework CSRF Vulnerability | |||
| CVE-2015-2252 | high | 8.8 | 8.8 | 9y ago | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | |||
| CVE-2015-3191 | high | 8.8 | 8.8 | 9y ago | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable … | |||
| CVE-2015-7274 | high | 8.8 | 8.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | |||
| CVE-2015-6028 | high | 8.8 | 8.8 | 9y ago | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | |||
| CVE-2015-2889 | high | 8.8 | 8.8 | 9y ago | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. | |||
| CVE-2015-2880 | high | 8.8 | 8.8 | 9y ago | TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | |||
| CVE-2015-8671 | high | 8.8 | 8.8 | 9y ago | Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | |||
| CVE-2015-8624 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant … | |||
| CVE-2015-8623 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote at… | |||
| CVE-2015-8989 | high | 8.8 | 8.8 | 9y ago | Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user pa… | |||
| CVE-2015-8988 | high | 8.8 | 8.8 | 9y ago | Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of… |