CVEs from 2015
- Total: 7,261
- Critical: 1,307
- High: 1,666
- Medium: 3,616
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8285 | high | 7.5 | 8.5 | 9y ago | The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. | |||
| CVE-2015-8258 | high | 7.5 | 8.5 | 9y ago | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | |||
| CVE-2015-4624 | high | 7.5 | 8.5 | 9y ago | Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | |||
| CVE-2015-2080 | high | 7.5 | 8.5 | 10y ago | Jetty vulnerable to exposure of sensitive information to unauthenticated remote users | |||
| CVE-2015-8770 | high | 7.5 | 8.5 | 11y ago | Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain pe… | |||
| CVE-2015-5003 | high | 8.5 | 8.5 | 11y ago | The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view aut… | |||
| CVE-2015-7429 | high | 8.5 | 8.5 | 11y ago | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and… | |||
| CVE-2015-6019 | high | 8.5 | 8.5 | 11y ago | The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by… | |||
| CVE-2015-7250 | high | 7.5 | 8.5 | 11y ago | Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getp… | |||
| CVE-2015-7248 | high | 7.5 | 8.5 | 11y ago | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability… | |||
| CVE-2015-7928 | high | 8.5 | 8.5 | 11y ago | eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workst… | |||
| CVE-2015-8566 | high | — | 8.5 | 11y ago | Joomla! Framework Remote Code Injection Vulnerability | |||
| CVE-2015-8562 | high | — | 8.5 | 11y ago | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Dece… | |||
| CVE-2015-6401 | high | — | 8.5 | 11y ago | Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP r… | |||
| CVE-2015-6848 | high | — | 8.5 | 11y ago | EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD u… | |||
| CVE-2015-8227 | high | — | 8.5 | 11y ago | The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via … | |||
| CVE-2015-7808 | high | — | 8.5 | 11y ago | The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted seriali… | |||
| CVE-2015-7897 | high | — | 8.5 | 11y ago | The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial o… | |||
| CVE-2015-2698 | high | — | 8.5 | 11y ago | The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticate… | |||
| CVE-2015-6555 | high | — | 8.5 | 11y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | |||
| CVE-2015-5005 | high | — | 8.5 | 11y ago | CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list. | |||
| CVE-2015-7858 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||
| CVE-2015-7857 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL… | |||
| CVE-2015-7297 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | |||
| CVE-2015-7986 | high | — | 8.5 | 11y ago | The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 21… | |||
| CVE-2015-7007 | high | — | 8.5 | 11y ago | Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. | |||
| CVE-2015-6763 | high | — | 8.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-5647 | high | — | 8.5 | 11y ago | The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | |||
| CVE-2015-5646 | high | — | 8.5 | 11y ago | Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | |||
| CVE-2015-7768 | high | — | 8.5 | 11y ago | Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command. | |||
| CVE-2015-7767 | high | — | 8.5 | 11y ago | Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command. | |||
| CVE-2015-1536 | high | — | 8.5 | 11y ago | Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or … | |||
| CVE-2015-5074 | high | — | 8.5 | 11y ago | Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arb… | |||
| CVE-2015-3203 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request… | |||
| CVE-2015-7387 | high | — | 8.5 | 11y ago | ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallow… | |||
| CVE-2015-7382 | high | — | 8.5 | 11y ago | SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a dif… | |||
| CVE-2015-7381 | high | — | 8.5 | 11y ago | Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or… | |||
| CVE-2015-6009 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the… | |||
| CVE-2015-6008 | high | — | 8.5 | 11y ago | install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. | |||
| CVE-2015-5690 | high | — | 8.5 | 11y ago | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… | |||
| CVE-2015-4306 | high | — | 8.5 | 11y ago | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of … | |||
| CVE-2015-7243 | high | — | 8.5 | 11y ago | Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file. | |||
| CVE-2015-7235 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id… | |||
| CVE-2015-6962 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | |||
| CVE-2015-6911 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. | |||
| CVE-2015-6464 | high | — | 8.5 | 11y ago | The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a w… | |||
| CVE-2015-6811 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username pa… | |||
| CVE-2015-5190 | high | — | 8.5 | 11y ago | The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |||
| CVE-2015-6750 | high | — | 8.5 | 11y ago | Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. | |||
| CVE-2015-5222 | high | — | 8.5 | 11y ago | Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on a… | |||
| CVE-2015-6522 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | |||
| CVE-2015-5621 | high | 7.5 | 8.5 | 11y ago | The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote at… | |||
| CVE-2015-6519 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. | |||
| CVE-2015-3798 | high | — | 8.5 | 11y ago | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application … | |||
| CVE-2015-3796 | high | — | 8.5 | 11y ago | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application … | |||
| CVE-2015-3783 | high | — | 8.5 | 11y ago | SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2015-1492 | high | — | 8.5 | 11y ago | Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | |||
| CVE-2015-1486 | high | — | 8.5 | 11y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new… | |||
| CVE-2015-1763 | high | — | 8.5 | 11y ago | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remo… | |||
| CVE-2015-1560 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attack… | |||
| CVE-2015-4614 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in… | |||
| CVE-2015-5452 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost… | |||
| CVE-2015-2866 | high | — | 8.5 | 11y ago | SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET sessio… | |||
| CVE-2015-5353 | high | — | 8.5 | 11y ago | Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/. | |||
| CVE-2015-5148 | high | — | 8.5 | 11y ago | SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search. | |||
| CVE-2015-0550 | high | — | 8.5 | 11y ago | Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intende… | |||
| CVE-2015-4658 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter. | |||
| CVE-2015-3205 | high | — | 8.5 | 11y ago | libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure." | |||
| CVE-2015-2993 | high | — | 8.5 | 11y ago | SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount … | |||
| CVE-2015-4004 | high | — | 8.5 | 11y ago | The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or caus… | |||
| CVE-2015-4137 | high | — | 8.5 | 11y ago | SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. | |||
| CVE-2015-4133 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading… | |||
| CVE-2015-0935 | high | — | 8.5 | 11y ago | Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts. | |||
| CVE-2015-1265 | high | — | 8.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-3325 | high | — | 8.5 | 11y ago | SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to t… | |||
| CVE-2015-2843 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_l… | |||
| CVE-2015-1882 | high | — | 8.5 | 11y ago | Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in… | |||
| CVE-2015-2825 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an… | |||
| CVE-2015-2824 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits… | |||
| CVE-2015-0273 | high | — | 8.5 | 11y ago | Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialize… | |||
| CVE-2015-2679 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter t… | |||
| CVE-2015-2562 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_categor… | |||
| CVE-2015-1804 | high | — | 8.5 | 11y ago | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticate… | |||
| CVE-2015-1803 | high | — | 8.5 | 11y ago | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated u… | |||
| CVE-2015-1802 | high | — | 8.5 | 11y ago | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash)… | |||
| CVE-2015-2281 | high | — | 8.5 | 11y ago | Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message… | |||
| CVE-2015-2314 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax… | |||
| CVE-2015-2237 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.ph… | |||
| CVE-2015-2208 | high | — | 8.5 | 11y ago | The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||
| CVE-2015-1875 | high | — | 8.5 | 11y ago | SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter. | |||
| CVE-2015-2183 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2)… | |||
| CVE-2015-2097 | high | — | 8.5 | 11y ago | Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in… | |||
| CVE-2015-2094 | high | — | 8.5 | 11y ago | Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) P… | |||
| CVE-2015-2177 | high | 7.5 | 8.5 | 11y ago | Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. | |||
| CVE-2015-2216 | high | — | 8.5 | 11y ago | SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | |||
| CVE-2015-2196 | high | — | 8.5 | 11y ago | SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-a… | |||
| CVE-2015-2102 | high | — | 8.5 | 11y ago | SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||
| CVE-2015-2090 | high | — | 8.5 | 11y ago | SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the s… | |||
| CVE-2015-2070 | high | — | 8.5 | 11y ago | SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. | |||
| CVE-2015-2065 | high | — | 8.5 | 11y ago | SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL comman… |