CVEs from 2015

- Total: 7,261
- Critical: 1,307
- High: 1,666
- Medium: 3,616
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%

Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2878 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco… | |||
| CVE-2015-7715 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests th… | |||
| CVE-2015-2673 | high | 8.8 | 9.8 | 9y ago | The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a… | |||
| CVE-2015-2143 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecifi… | |||
| CVE-2015-7293 | high | 8.8 | 9.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | |||
| CVE-2015-5958 | high | 8.8 | 9.8 | 9y ago | phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | |||
| CVE-2015-7259 | high | 8.8 | 9.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login t… | |||
| CVE-2015-7258 | high | 8.8 | 9.8 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||
| CVE-2015-7894 | high | 8.8 | 9.8 | 9y ago | The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process… | |||
| CVE-2015-2280 | high | 8.8 | 9.8 | 9y ago | snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands v… | |||
| CVE-2015-8257 | high | 8.8 | 9.8 | 9y ago | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_… | |||
| CVE-2015-7569 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||
| CVE-2015-0104 | high | 8.8 | 9.8 | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… | |||
| CVE-2015-6568 | high | 8.8 | 9.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" … | |||
| CVE-2015-6567 | high | 8.8 | 9.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exp… | |||
| CVE-2015-8284 | high | 8.8 | 9.8 | 9y ago | SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. | |||
| CVE-2015-7563 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | |||
| CVE-2015-7893 | high | 8.8 | 9.8 | 9y ago | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | |||
| CVE-2015-8255 | high | 8.8 | 9.8 | 9y ago | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | |||
| CVE-2015-3884 | high | 8.8 | 9.8 | 9y ago | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute… | |||
| CVE-2015-4593 | high | 8.8 | 9.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content a… | |||
| CVE-2015-4592 | high | 8.8 | 9.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as… | |||
| CVE-2015-6541 | high | 8.8 | 9.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users… | |||
| CVE-2015-2023 | high | 8.8 | 9.8 | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-5996 | high | 8.8 | 9.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-8644 | high | 8.8 | 9.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |||
| CVE-2015-8636 | high | 8.8 | 9.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |||
| CVE-2015-8635 | high | 8.8 | 9.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8634 | high | 8.8 | 9.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |||
| CVE-2015-8664 | high | 8.8 | 9.8 | 11y ago | Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly h… | |||
| CVE-2015-8279 | high | 8.6 | 9.6 | 11y ago | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | |||
| CVE-2015-1489 | high | — | 9.5 | 11y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2015-2996 | high | — | 9.5 | 11y ago | Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2… | |||
| CVE-2015-8612 | high | 8.4 | 9.4 | 11y ago | The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | |||
| CVE-2015-0008 | high | — | 9.3 | 12y ago | The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows… | |||
| CVE-2015-4075 | high | 8.1 | 9.1 | 9y ago | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | |||
| CVE-2015-3314 | high | 8.1 | 9.1 | 9y ago | SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||
| CVE-2015-7611 | high | 8.1 | 9.1 | 10y ago | Apache James Server OS Command Injection | |||
| CVE-2015-7547 | high | 8.1 | 9.1 | 10y ago | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a den… | |||
| CVE-2015-2142 | high | 8.0 | 9.0 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that caus… | |||
| CVE-2015-8356 | high | 8.0 | 9.0 | 9y ago | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to adm… | |||
| CVE-2015-5081 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified … | |||
| CVE-2015-5607 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery in the REST API in IPython 2 and 3. | |||
| CVE-2015-0276 | high | 8.8 | 8.8 | 4y ago | Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | |||
| CVE-2015-5173 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails wit… | |||
| CVE-2015-5170 | high | 8.8 | 8.8 | 9y ago | Cloud Foundry Runtime Cross-Site Request Forgery vulnerability | |||
| CVE-2015-5227 | high | 8.8 | 8.8 | 9y ago | The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | |||
| CVE-2015-7504 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via … | |||
| CVE-2015-7843 | high | 8.8 | 8.8 | 9y ago | The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R00… | |||
| CVE-2015-7358 | high | 7.8 | 8.8 | 9y ago | The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which … | |||
| CVE-2015-6576 | high | 8.8 | 8.8 | 9y ago | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | |||
| CVE-2015-9233 | high | 8.8 | 8.8 | 9y ago | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.in… | |||
| CVE-2015-3643 | high | 7.8 | 8.8 | 9y ago | usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local… | |||
| CVE-2015-1336 | high | 7.8 | 8.8 | 9y ago | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | |||
| CVE-2015-5182 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | |||
| CVE-2015-5237 | high | 8.8 | 8.8 | 9y ago | protobuf susceptible to buffer overflow | |||
| CVE-2015-4669 | high | 7.8 | 8.8 | 9y ago | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | |||
| CVE-2015-5395 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | |||
| CVE-2015-1329 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | |||
| CVE-2015-4681 | high | 7.8 | 8.8 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | |||
| CVE-2015-4089 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the… | |||
| CVE-2015-9228 | high | 8.8 | 8.8 | 9y ago | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | |||
| CVE-2015-4724 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Concrete5 5.7.3.1. | |||
| CVE-2015-4697 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563. | |||
| CVE-2015-3450 | high | 8.8 | 8.8 | 9y ago | Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | |||
| CVE-2015-0853 | high | 8.8 | 8.8 | 9y ago | svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | |||
| CVE-2015-8334 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTT… | |||
| CVE-2015-3655 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators b… | |||
| CVE-2015-8332 | high | 8.8 | 8.8 | 9y ago | Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and p… | |||
| CVE-2015-1443 | high | 8.8 | 8.8 | 9y ago | The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | |||
| CVE-2015-8355 | high | 8.8 | 8.8 | 9y ago | Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" par… | |||
| CVE-2015-5258 | high | 8.8 | 8.8 | 9y ago | springframework-social Cross-Site Request Forgery vulnerability | |||
| CVE-2015-5153 | high | 8.8 | 8.8 | 9y ago | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | |||
| CVE-2015-7854 | high | 8.8 | 8.8 | 9y ago | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly… | |||
| CVE-2015-7849 | high | 8.8 | 8.8 | 9y ago | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via… | |||
| CVE-2015-7571 | high | 7.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||
| CVE-2015-1332 | high | 8.8 | 8.8 | 9y ago | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute a… | |||
| CVE-2015-4639 | high | 8.8 | 8.8 | 9y ago | Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web sc… | |||
| CVE-2015-3639 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | |||
| CVE-2015-3638 | high | 8.8 | 8.8 | 9y ago | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to … | |||
| CVE-2015-3315 | high | 7.8 | 8.8 | 9y ago | Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp… | |||
| CVE-2015-1786 | high | 8.8 | 8.8 | 9y ago | Zend Framework CSRF Vulnerability | |||
| CVE-2015-2252 | high | 8.8 | 8.8 | 9y ago | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | |||
| CVE-2015-3191 | high | 8.8 | 8.8 | 9y ago | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable … | |||
| CVE-2015-7274 | high | 8.8 | 8.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | |||
| CVE-2015-6028 | high | 8.8 | 8.8 | 9y ago | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | |||
| CVE-2015-2889 | high | 8.8 | 8.8 | 9y ago | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. | |||
| CVE-2015-2880 | high | 8.8 | 8.8 | 9y ago | TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | |||
| CVE-2015-8671 | high | 8.8 | 8.8 | 9y ago | Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | |||
| CVE-2015-8624 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant … | |||
| CVE-2015-8623 | high | 8.8 | 8.8 | 9y ago | The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote at… | |||
| CVE-2015-8989 | high | 8.8 | 8.8 | 9y ago | Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user pa… | |||
| CVE-2015-8988 | high | 8.8 | 8.8 | 9y ago | Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of… | |||
| CVE-2015-8814 | high | 8.8 | 8.8 | 9y ago | Umbraco CMS vulnerable to CSRF | |||
| CVE-2015-8832 | high | 8.8 | 8.8 | 9y ago | Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries… | |||
| CVE-2015-8322 | high | 8.8 | 8.8 | 9y ago | NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||
| CVE-2015-2181 | high | 8.8 | 8.8 | 10y ago | Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. | |||
| CVE-2015-2180 | high | 8.8 | 8.8 | 10y ago | The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | |||
| CVE-2015-3441 | high | 8.8 | 8.8 | 10y ago | The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) … | |||
| CVE-2015-8542 | high | 8.8 | 8.8 | 10y ago | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Cl… |