| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2015-10001 | WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS) | E | |
| CVE-2015-10002 | Kiddoware Kids Place Home Button Protection denial of service | | |
| CVE-2015-10003 | FileZilla Server PORT confused deputy | S | |
| CVE-2015-10004 | Timing side-channel in github.com/robbert229/jwt | S | |
| CVE-2015-10005 | markdown-it html_re.js redos | S | |
| CVE-2015-10006 | admont28 Ingnovarq insertarSliderAjax.php cross site scripting | S | |
| CVE-2015-10007 | 82Flex WEIPDCRM cross site scripting | S | |
| CVE-2015-10008 | 82Flex WEIPDCRM sql injection | S | |
| CVE-2015-10009 | nterchange code_caller_controller.php getContent code injection | S | |
| CVE-2015-10010 | OpenDNS OpenResolve API endpoints.py get cross site scripting | S | |
| CVE-2015-10011 | OpenDNS OpenResolve endpoints.py neutralization for logs | S | |
| CVE-2015-10012 | sumocoders FrameworkUserBundle login.html.twig information exposure | S | |
| CVE-2015-10013 | WebDevStudios taxonomy-switcher Plugin taxonomy-switcher.php taxonomy_switcher_init cross site scripting | S | |
| CVE-2015-10014 | arekk uke finder.rb sql injection | S | |
| CVE-2015-10015 | glidernet ogn-live sql injection | S | |
| CVE-2015-10016 | jeff-kelley opensim-utils regionscrits.php DatabaseForRegion sql injection | S | |
| CVE-2015-10017 | HPI-Information-Systems ProLOD sql injection | S | |
| CVE-2015-10018 | DBRisinajumi d2files D2filesController.php actionDownloadFile sql injection | S | |
| CVE-2015-10019 | foxoverflow MySimplifiedSQL MySimplifiedSQL_Examples.php cross site scripting | S | |
| CVE-2015-10020 | ssn2013 cis450Project AddAppUser.java addUser sql injection | S | |
| CVE-2015-10021 | ritterim definely database.js cross site scripting | S | |
| CVE-2015-10022 | IISH nlgis2 custom_import.pl sql injection | S | |
| CVE-2015-10023 | Fumon trello-octometric srv.go main sql injection | S | |
| CVE-2015-10024 | hoffie larasync file_storage.go path traversal | S | |
| CVE-2015-10025 | luelista miniConf URL Scanning MessageView.cs denial of service | S | |
| CVE-2015-10026 | tiredtyrant flairbot flair.py sql injection | S | |
| CVE-2015-10027 | hydrian TTRSS-Auth-LDAP Username ldap injection | S | |
| CVE-2015-10028 | ss15-this-is-sparta Main Page roomElement.js cross site scripting | S | |
| CVE-2015-10029 | kelvinmo simplexrd simplexrd.class.php xml external entity reference | S | |
| CVE-2015-10030 | SUKOHI Surpass Surpass.php pathname traversal | S | |
| CVE-2015-10031 | purpleparrots 491-Project Highscore update.php sql injection | S | |
| CVE-2015-10032 | HealthMateWeb createaccount.php cross site scripting | S | |
| CVE-2015-10033 | jvvlee MerlinsBoard Grade improper authorization | S | |
| CVE-2015-10034 | j-nowak workout-organizer sql injection | S | |
| CVE-2015-10035 | gperson angular-test-reporter data-server.js addTest sql injection | S | |
| CVE-2015-10036 | kylebebak dronfelipe sql injection | S | |
| CVE-2015-10037 | ACI_Escola sql injection | S | |
| CVE-2015-10038 | nym3r0s pplv2 sql injection | S | |
| CVE-2015-10039 | dobos domino EntityFactory.cs sql injection | S | |
| CVE-2015-10040 | gitlearn Escape Sequence config.sh getOutOf injection | E S | |
| CVE-2015-10041 | Dovgalyuk AIBattle procedures.php sendComments sql injection | S | |
| CVE-2015-10042 | Dovgalyuk AIBattle procedures.php registerUser sql injection | S | |
| CVE-2015-10043 | abreen Apollo path traversal | S | |
| CVE-2015-10044 | gophergala sqldump sql injection | S | |
| CVE-2015-10045 | tutrantta project_todolist Database.php update sql injection | S | |
| CVE-2015-10046 | lolfeedback sql injection | S | |
| CVE-2015-10047 | KYUUBl school-register DBManager.java sql injection | S | |
| CVE-2015-10048 | bmattoso desafio_buzz_woody sql injection | S | |
| CVE-2015-10049 | Overdrive Eletrônica course-builder oeditor.html cross site scripting | S | |
| CVE-2015-10050 | brandonfire miRNA_Database_by_PHP_MySql model.php count_rna sql injection | S | |
| CVE-2015-10051 | bony2023 Discussion-Board main.php display_all_replies sql injection | S | |
| CVE-2015-10052 | calesanz gibb-modul-151 login redirect | S | |
| CVE-2015-10053 | prodigasistemas curupira passwords_controller.rb sql injection | S | |
| CVE-2015-10054 | githuis P2Manage Database.cs Execute sql injection | S | |
| CVE-2015-10055 | PictureThisWebServer user.js router.post sql injection | S | |
| CVE-2015-10056 | 2071174A vinylmap views.py contact sql injection | S | |
| CVE-2015-10057 | Little Apps Little Software Stats Password Reset class.securelogin.php access control | S | |
| CVE-2015-10058 | Wikisource Category Browser index.php cross site scripting | S | |
| CVE-2015-10059 | s134328 Webapplication-Veganguide apiService.js cross site scripting | S | |
| CVE-2015-10060 | MNBikeways database views.py sql injection | S | |
| CVE-2015-10061 | evandro-machado Trabalho-Web2 ClienteDAO.java sql injection | S | |
| CVE-2015-10062 | galaxy-data-resource Command Line Template injection | S | |
| CVE-2015-10063 | saemorris TheRadSystem _login.php redirect sql injection | S | |
| CVE-2015-10064 | VictorFerraresi pokemon-database-php sql injection | S | |
| CVE-2015-10065 | AenBleidd FiND my_validator.cpp init_result buffer overflow | S | |
| CVE-2015-10066 | tynx wuersch Store.class.php getByCustomQuery sql injection | S | |
| CVE-2015-10067 | oznetmaster SSharpSmartThreadPool SmartThreadPool.cs race condition | S | |
| CVE-2015-10068 | danynab movify-j ReviewServiceImpl.java getByMovieId sql injection | S | |
| CVE-2015-10069 | viakondratiuk cash-machine machine.py update_failed_attempts sql injection | S | |
| CVE-2015-10070 | copperwall Twiddit index.php sql injection | S | |
| CVE-2015-10071 | gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery | S | |
| CVE-2015-10072 | NREL api-umbrella-web Flash Message cross site scripting | S | |
| CVE-2015-10073 | tinymighty WikiSEO Meta Property Tag WikiSEO.body.php modifyHTML cross site scripting | E S | |
| CVE-2015-10074 | OpenSeaMap online_chart index.php init cross site scripting | S | |
| CVE-2015-10075 | Custom-Content-Width custom-content-width.php register_settings cross site scripting | S | |
| CVE-2015-10076 | dimtion Shaarlier Tag TagsSource.java createTag sql injection | S | |
| CVE-2015-10077 | webbuilders-group silverstripe-kapost-bridge KapostService.php getPreview sql injection | S | |
| CVE-2015-10078 | atwellpub Resend Welcome Email Plugin resend-welcome-email.php send_welcome_email_url cross site scripting | S | |
| CVE-2015-10079 | juju2143 WalrusIRC parser.js parseLinks cross site scripting | S | |
| CVE-2015-10080 | NREL api-umbrella-web Admin Data Table cross site scripting | S | |
| CVE-2015-10081 | arnoldle submitByMailPlugin edit_list.php cross-site request forgery | S | |
| CVE-2015-10082 | UIKit0 libplist XML xplist.c plist_from_xml xml external entity reference | S | |
| CVE-2015-10083 | harrystech Dynosaur-Rails application_controller.rb basic_auth improper authentication | S | |
| CVE-2015-10084 | irontec klear-library BaseController.php _prepareWhere sql injection | S | |
| CVE-2015-10085 | GoPistolet MTA denial of service | S | |
| CVE-2015-10086 | OpenCycleCompass server-php login.php sql injection | S | |
| CVE-2015-10087 | UpThemes Theme DesignFolio Plus unrestricted upload | E S | |
| CVE-2015-10088 | ayttm proxy.c http_connect format string | S | |
| CVE-2015-10089 | flame.js cross site scripting | S | |
| CVE-2015-10090 | Landing Pages Plugin cross site scripting | S | |
| CVE-2015-10091 | ByWater Solutions bywater-koha-xslt systempreferences.pl StringSearch sql injection | S | |
| CVE-2015-10092 | Qtranslate Slug Plugin class-qtranslate-slug.php add_slug_meta_box cross site scripting | S | |
| CVE-2015-10093 | Mark User as Spammer Plugin plugin.php user_row_actions cross site scripting | S | |
| CVE-2015-10094 | Fastly Plugin api.php post cross site scripting | S | |
| CVE-2015-10095 | woo-popup Plugin class-woo-popup-admin.php cross site scripting | S | |
| CVE-2015-10096 | Zarthus IRC Twitter Announcer Bot twitter_announcer.rb get_tweets command injection | S | |
| CVE-2015-10097 | grinnellplans-php read.php interface_disp_page sql injection | S | |
| CVE-2015-10098 | Broken Link Checker Plugin ui_get_action_links cross site scripting | S | |
| CVE-2015-10099 | CP Appointment Calendar Plugin dex_appointments.php dex_process_ready_to_go_appointment sql injection | S | |
| CVE-2015-10100 | Dynamic Widgets Plugin dynwid_class.php sql injection | S | |
| CVE-2015-10101 | Google Analytics Top Content Widget Plugin class-tgm-plugin-activation.php cross site scripting | S | |
| CVE-2015-10102 | Freshdesk Plugin redirect | S | |
| CVE-2015-10103 | InternalError503 Forget It settings.js infinite loop | S | |
| CVE-2015-10104 | Icons for Features Plugin class-icons-for-features-admin.php redirect | S | |
| CVE-2015-10105 | IP Blacklist Cloud Plugin CSV File Import ip_blacklist_cloud.php valid_js_identifier path traversal | S | |
| CVE-2015-10106 | mback2k mh_httpbl Extension index.php moduleContent sql injection | S | |
| CVE-2015-10107 | Simplr Registration Form Plus+ Plugin cross site scripting | S | |
| CVE-2015-10108 | meitar Inline Google Spreadsheet Viewer Plugin inline-gdocs-viewer.php displayShortcode cross-site request forgery | S | |
| CVE-2015-10109 | Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery | S | |
| CVE-2015-10110 | ruddernation TinyChat Room Spy Plugin room-spy.php wp_show_room_spy cross site scripting | S | |
| CVE-2015-10111 | Watu Quiz Plugin Exam exam.php watu_exams sql injection | S | |
| CVE-2015-10112 | WooFramework Branding Plugin wooframework-branding.php admin_screen_logic redirect | S | |
| CVE-2015-10113 | WooFramework Tweaks Plugin wooframework-tweaks.php admin_screen_logic redirect | S | |
| CVE-2015-10114 | WooSidebars Plugin class-woo-sidebars.php enable_custom_post_sidebars redirect | S | |
| CVE-2015-10115 | WooSidebars Sidebar Manager Converter Plugin class-woosidebars-sbm-converter.php process_request redirect | S | |
| CVE-2015-10116 | RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery | S | |
| CVE-2015-10117 | Gravity Forms DPS PxPay Plugin cross site scripting | S | |
| CVE-2015-10118 | cchetanonline WP-CopyProtect wp-copyprotect.php CopyProtect_options_page cross site scripting | S | |
| CVE-2015-10119 | View All Posts Page Plugin view-all-posts-pages.php action_admin_notices_activation cross site scripting | S | |
| CVE-2015-10120 | WDS Multisite Aggregate Plugin WDS_Multisite_Aggregate_Options.php update_options cross site scripting | S | |
| CVE-2015-10121 | Beeliked Microsite Plugin beelikedmicrosite.php embed_handler cross site scripting | S | |
| CVE-2015-10122 | wp-donate Plugin donate-display.php sql injection | S | |
| CVE-2015-10123 | Wago: Buffer Copy without Checking Size of Input in wbm of multiple products | | |
| CVE-2015-10124 | Most Popular Posts Widget Plugin functions.php show_views sql injection | S | |
| CVE-2015-10125 | WP Ultimate CSV Importer Plugin cross-site request forgery | S | |
| CVE-2015-10126 | Easy2Map Photos Plugin sql injection | S | |
| CVE-2015-10127 | PlusCaptcha Plugin cross site scripting | S | |
| CVE-2015-10128 | rt-prettyphoto Plugin rt-prettyphoto.php royal_prettyphoto_plugin_links cross site scripting | S | |
| CVE-2015-10129 | planet-freo auth.inc.php comparison | S | |
| CVE-2015-10130 | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request ... | S | |
| CVE-2015-10131 | chrisy TFO Graphviz Plugin tfo-graphviz-admin.php admin_page cross site scripting | S | |
| CVE-2015-10132 | Thimo Grauerholz WP-Spreadplugin spreadplugin.php cross site scripting | S |