CVE-2015-2xxx

There are 908 CVE in this subgroup.
Last updated: 
← Back to 2015
ID Summary Flags Max Score
CVE-2015-2000 The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging...
CVE-2015-2001 The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leverag...
CVE-2015-2002 The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary c...
CVE-2015-2003 The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitra...
CVE-2015-2004 The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbi...
CVE-2015-2005 IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not prope...
CVE-2015-2007 Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remo...
CVE-2015-2008 IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private k...
CVE-2015-2009 Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 bef...
CVE-2015-2010 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0010. Reason: This candida...
R
CVE-2015-2011 The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 ...
S
CVE-2015-2012 The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8...
CVE-2015-2013 IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel...
S
CVE-2015-2014 Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before ...
S
CVE-2015-2015 Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web ser...
S
CVE-2015-2016 Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Pat...
S
CVE-2015-2017 CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 bef...
CVE-2015-2018 IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 bef...
S
CVE-2015-2019 IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3...
S
CVE-2015-2020 The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveragin...
E
CVE-2015-2023 Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified...
E
CVE-2015-2025 IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure fl...
S
CVE-2015-2026 Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 ...
S
CVE-2015-2027 IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout...
S
CVE-2015-2028 CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7....
S
CVE-2015-2029 Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before ...
S
CVE-2015-2030 IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lo...
S
CVE-2015-2031 Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1...
S
CVE-2015-2033 Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to ...
CVE-2015-2034 Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows...
E S
CVE-2015-2035 SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote admin...
E S
CVE-2015-2039 Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form pl...
CVE-2015-2040 Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-data...
E
CVE-2015-2041 net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl tab...
CVE-2015-2042 net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, whic...
CVE-2015-2043 Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow rem...
E
CVE-2015-2044 The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly init...
CVE-2015-2045 The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data st...
S
CVE-2015-2046 Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20....
S
CVE-2015-2047 The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and...
CVE-2015-2048 Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier al...
CVE-2015-2049 Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remo...
E
CVE-2015-2050 D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands v...
CVE-2015-2051 The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote att...
KEV E
CVE-2015-2052 Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and e...
E
CVE-2015-2053 The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections onl...
CVE-2015-2054 CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wirele...
E
CVE-2015-2055 Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a...
E
CVE-2015-2058 c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains ...
CVE-2015-2059 The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-depen...
S
CVE-2015-2060 cabextract before 1.6 does not properly check for leading slashes when extracting files, which allow...
E S
CVE-2015-2061 Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execut...
CVE-2015-2062 Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for ...
E
CVE-2015-2063 Integer overflow in unace 1.2b allows remote attackers to cause a denial of service (crash) via a sm...
E
CVE-2015-2064 Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attacker...
CVE-2015-2065 SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-vid...
E
CVE-2015-2066 SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands...
CVE-2015-2067 Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer...
E
CVE-2015-2068 Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin ...
E
CVE-2015-2069 Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allow...
E
CVE-2015-2070 SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attacker...
E
CVE-2015-2071 Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition ...
E
CVE-2015-2072 Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Deve...
E
CVE-2015-2073 The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attac...
CVE-2015-2074 The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attac...
CVE-2015-2075 SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue v...
CVE-2015-2076 The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive inf...
CVE-2015-2077 The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885...
E
CVE-2015-2078 The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885...
E
CVE-2015-2079 Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution b...
E
CVE-2015-2080 The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtai...
E
CVE-2015-2081 Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts...
CVE-2015-2082 Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allo...
E
CVE-2015-2083 Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the au...
E
CVE-2015-2084 Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for Wor...
E
CVE-2015-2086 Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x...
S
CVE-2015-2087 Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allow...
S
CVE-2015-2088 Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue modul...
S
CVE-2015-2089 Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jque...
E
CVE-2015-2090 SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and ...
E
CVE-2015-2091 The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client c...
CVE-2015-2092 The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote a...
CVE-2015-2093 Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allow...
CVE-2015-2094 Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows ...
E
CVE-2015-2095 Heap-based buffer overflow in the SetConnectInfo function in the WESPPTZ.WESPPTZCtrl.1 ActiveX contr...
CVE-2015-2096 Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX co...
CVE-2015-2097 Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to...
E
CVE-2015-2098 Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbi...
CVE-2015-2099 Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code...
CVE-2015-2100 Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attack...
CVE-2015-2101 Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 a...
S
CVE-2015-2102 SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote...
E
CVE-2015-2103 Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop all...
E
CVE-2015-2104 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2015-2106 Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, a...
CVE-2015-2107 HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS com...
CVE-2015-2108 Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allow...
CVE-2015-2109 Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass auth...
CVE-2015-2110 Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspeci...
S
CVE-2015-2111 Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2...
S
CVE-2015-2112 Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3...
CVE-2015-2113 Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3...
CVE-2015-2114 HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary pro...
CVE-2015-2115 Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before...
S
CVE-2015-2116 Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authe...
S
CVE-2015-2117 HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System...
CVE-2015-2118 Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access C...
S
CVE-2015-2119 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2120 Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x befo...
S
CVE-2015-2121 HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attacke...
CVE-2015-2122 The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a d...
CVE-2015-2123 Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before ...
CVE-2015-2124 Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Co...
S
CVE-2015-2125 Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authe...
E
CVE-2015-2126 Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privilege...
CVE-2015-2127 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2128 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2129 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2130 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2131 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2132 Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and...
S
CVE-2015-2133 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2134 Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 ...
CVE-2015-2135 Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows...
CVE-2015-2136 HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorizat...
CVE-2015-2137 Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 ...
S
CVE-2015-2138 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2139 HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5...
CVE-2015-2140 HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5...
CVE-2015-2141 The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly ...
CVE-2015-2142 Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7....
CVE-2015-2143 Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7....
CVE-2015-2144 Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow...
CVE-2015-2145 Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow...
CVE-2015-2146 Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attac...
CVE-2015-2147 Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attac...
CVE-2015-2148 Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow...
CVE-2015-2149 Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBul...
E S
CVE-2015-2150 Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI c...
CVE-2015-2151 The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructi...
S
CVE-2015-2152 Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM gu...
S
CVE-2015-2153 The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allow...
E
CVE-2015-2154 The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allo...
CVE-2015-2155 The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (cras...
S
CVE-2015-2156 Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4....
CVE-2015-2157 The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not prop...
S
CVE-2015-2158 Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allow...
S
CVE-2015-2165 Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Se...
E
CVE-2015-2166 Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery ...
E
CVE-2015-2167 Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (M...
E
CVE-2015-2168 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2015-2169 Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 al...
E
CVE-2015-2170 The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash)...
S
CVE-2015-2171 Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object inje...
CVE-2015-2172 DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL p...
CVE-2015-2177 Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode ...
E
CVE-2015-2178 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2179 The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by li...
E
CVE-2015-2180 The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execut...
E
CVE-2015-2181 Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allo...
E
CVE-2015-2182 Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject a...
E
CVE-2015-2183 Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote admi...
E
CVE-2015-2184 ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to ad...
E
CVE-2015-2186 The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX account...
S
CVE-2015-2187 The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC d...
CVE-2015-2188 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x befo...
CVE-2015-2189 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wiresh...
CVE-2015-2190 epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater t...
CVE-2015-2191 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector...
CVE-2015-2192 Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c ...
CVE-2015-2194 Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion...
E
CVE-2015-2195 Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPre...
CVE-2015-2196 SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to ...
E
CVE-2015-2197 Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows r...
S
CVE-2015-2198 Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow r...
E
CVE-2015-2199 Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPr...
E
CVE-2015-2201 Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and f...
CVE-2015-2202 Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privilege...
CVE-2015-2203 Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to o...
S
CVE-2015-2204 Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass...
S
CVE-2015-2206 libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x ...
CVE-2015-2207 Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before ...
E
CVE-2015-2208 The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitr...
E
CVE-2015-2209 DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php...
CVE-2015-2210 The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitr...
M
CVE-2015-2212 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5623. Reason: This candida...
R
CVE-2015-2213 SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in Word...
S
CVE-2015-2214 NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url...
CVE-2015-2215 Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper...
CVE-2015-2216 SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remo...
E
CVE-2015-2217 Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 a...
E
CVE-2015-2218 Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderplugi...
E
CVE-2015-2219 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable securit...
CVE-2015-2220 Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordP...
E
CVE-2015-2221 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a craf...
S
CVE-2015-2222 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted peti...
S
CVE-2015-2223 Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in...
E
CVE-2015-2230 Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console....
S
CVE-2015-2233 Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly valida...
CVE-2015-2234 Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses w...
CVE-2015-2235 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1067. Reason: This candida...
R
CVE-2015-2236 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2015-2237 Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers t...
E
CVE-2015-2238 Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 4...
CVE-2015-2239 Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider th...
CVE-2015-2241 Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django befo...
E
CVE-2015-2242 Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbit...
CVE-2015-2243 Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified ...
CVE-2015-2244 Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to ...
CVE-2015-2245 Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash)....
CVE-2015-2246 The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versio...
CVE-2015-2247 Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to mod...
CVE-2015-2248 Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote A...
E S
CVE-2015-2249 Zimbra Collaboration before 8.6.0 patch5 has XSS....
CVE-2015-2250 Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers...
E S
CVE-2015-2251 The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow...
CVE-2015-2252 Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to ...
CVE-2015-2253 The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remo...
CVE-2015-2254 Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to ...
CVE-2015-2255 Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial o...
CVE-2015-2263 Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5...
CVE-2015-2264 Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (...
CVE-2015-2265 The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IP...
E S
CVE-2015-2266 message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before ...
CVE-2015-2267 mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 ...
CVE-2015-2268 filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8...
CVE-2015-2269 Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2....
CVE-2015-2270 lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before ...
CVE-2015-2271 tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4...
CVE-2015-2272 login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2....
CVE-2015-2273 Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php...
CVE-2015-2275 Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows r...
E
CVE-2015-2278 The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP...
E
CVE-2015-2279 cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with ...
E
CVE-2015-2280 snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC162...
E
CVE-2015-2281 Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164...
E
CVE-2015-2282 Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC funct...
E
CVE-2015-2284 userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attac...
S
CVE-2015-2285 The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu...
E
CVE-2015-2286 lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restr...
CVE-2015-2287 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A typo caused the wrong...
R
CVE-2015-2289 Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2...
E
CVE-2015-2291 (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics dr...
KEV E S
CVE-2015-2292 Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SE...
E
CVE-2015-2293 Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php...
E
CVE-2015-2294 Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remo...
E
CVE-2015-2295 Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebG...
E
CVE-2015-2296 The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attacker...
CVE-2015-2297 nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference ...
CVE-2015-2298 node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain s...
S
CVE-2015-2301 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5....
E
CVE-2015-2302 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6405. Reason: This candida...
R
CVE-2015-2303 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6406. Reason: This candida...
R
CVE-2015-2304 Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attac...
E
CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer...
E
CVE-2015-2308 Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4....
S
CVE-2015-2310 Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allo...
CVE-2015-2311 Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remot...
CVE-2015-2312 Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial ...
CVE-2015-2313 Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the total...
CVE-2015-2314 SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to...
E
CVE-2015-2315 Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote...
E
CVE-2015-2316 The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x befo...
S
CVE-2015-2317 The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x befor...
CVE-2015-2318 The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping a...
CVE-2015-2319 The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade...
CVE-2015-2320 The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors r...
CVE-2015-2321 Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress ...
E
CVE-2015-2323 FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly oth...
CVE-2015-2324 Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.1...
CVE-2015-2325 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorr...
E
CVE-2015-2326 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorre...
E
CVE-2015-2327 PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain in...
E
CVE-2015-2328 PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursio...
E
CVE-2015-2329 Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows...
CVE-2015-2330 Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a sec...
CVE-2015-2331 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used...
E
CVE-2015-2332 Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 al...
S
CVE-2015-2333 Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1...
S
CVE-2015-2334 Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka ...
S
CVE-2015-2335 A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the inst...
S
CVE-2015-2336 TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before...
S
CVE-2015-2337 TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before ...
CVE-2015-2338 TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before...
S
CVE-2015-2339 TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before...
S
CVE-2015-2340 TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before ...
S
CVE-2015-2341 VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before ...
S
CVE-2015-2342 The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 ...
S
CVE-2015-2343 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2344 Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux all...
CVE-2015-2345 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2346 XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows ...
E
CVE-2015-2347 Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows...
E
CVE-2015-2348 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x ...
E
CVE-2015-2349 Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and...
CVE-2015-2350 Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote a...
E
CVE-2015-2351 Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remot...
E
CVE-2015-2352 The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of...
S
CVE-2015-2359 Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 C...
CVE-2015-2360 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista...
KEV S
CVE-2015-2361 Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS sy...
CVE-2015-2362 Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server ...
CVE-2015-2363 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista...
CVE-2015-2364 The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows S...
CVE-2015-2365 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista...
E
CVE-2015-2366 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Window...
E
CVE-2015-2367 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista...
CVE-2015-2368 Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows ...
CVE-2015-2369 Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003...
CVE-2015-2370 The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 S...
E
CVE-2015-2371 The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Wi...
CVE-2015-2372 vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and ...
CVE-2015-2373 The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows ...
CVE-2015-2374 The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2...
CVE-2015-2375 Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services o...
CVE-2015-2376 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Ex...
CVE-2015-2377 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibilit...
CVE-2015-2378 Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 S...
CVE-2015-2379 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for...
CVE-2015-2380 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow r...
CVE-2015-2381 win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold ...
CVE-2015-2382 win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold ...
CVE-2015-2383 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2015-2384 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2015-2385 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2386 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2387 ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...
KEV S
CVE-2015-2388 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den...
CVE-2015-2389 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2015-2390 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2391 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2015-2392 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2393 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2394 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2395 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2396 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2397 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2398 Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a craf...
CVE-2015-2399 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2400 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2401 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2402 Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we...
CVE-2015-2403 Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2015-2404 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2405 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2406 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2407 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2408 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2409 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2410 Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local...
CVE-2015-2411 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2015-2412 Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a cr...
CVE-2015-2413 Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local...
CVE-2015-2414 Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-histor...
CVE-2015-2415 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibilit...
CVE-2015-2416 OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...
CVE-2015-2417 OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win...
CVE-2015-2418 Race condition in Microsoft Malicious Software Removal Tool (MSRT) before 5.26 allows local users to...
S
CVE-2015-2419 JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code...
KEV S
CVE-2015-2420 Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold bef...
S
CVE-2015-2421 Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mecha...
CVE-2015-2422 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2423 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
S
CVE-2015-2424 Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP...
KEV S
CVE-2015-2425 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
KEV S
CVE-2015-2426 Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista S...
KEV E S
CVE-2015-2427 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2015-2428 Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi...
S
CVE-2015-2429 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
S
CVE-2015-2430 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
S
CVE-2015-2431 Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Ly...
E
CVE-2015-2432 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2...
E S
CVE-2015-2433 The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window...
E S
CVE-2015-2434 Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers...
CVE-2015-2435 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
S
CVE-2015-2436 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2437 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2438 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2439 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2440 Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection ...
CVE-2015-2441 Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code o...
CVE-2015-2442 Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code o...
CVE-2015-2443 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2015-2444 Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ...
E
CVE-2015-2445 Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a...
CVE-2015-2446 Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code or cause a ...
CVE-2015-2447 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2015-2448 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a de...
CVE-2015-2449 Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protecti...
CVE-2015-2450 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2451 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2452 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2453 The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2...
S
CVE-2015-2454 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7...
S
CVE-2015-2455 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
E S
CVE-2015-2456 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
E S
CVE-2015-2457 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2458 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2...
E S
CVE-2015-2459 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2...
E S
CVE-2015-2460 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2...
E S
CVE-2015-2461 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2...
E S
CVE-2015-2462 ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2...
E S
CVE-2015-2463 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
E S
CVE-2015-2464 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
E S
CVE-2015-2465 The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...
S
CVE-2015-2466 Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute ar...
CVE-2015-2467 Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, ...
E
CVE-2015-2468 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for...
E
CVE-2015-2469 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attack...
E
CVE-2015-2470 Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1...
E
CVE-2015-2471 Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote att...
CVE-2015-2472 Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows...
S
CVE-2015-2473 Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Mi...
CVE-2015-2474 Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrar...
CVE-2015-2475 Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component i...
CVE-2015-2476 The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...
S
CVE-2015-2477 Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, and Word Viewer allow remote at...
CVE-2015-2478 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...
S
CVE-2015-2479 The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at opt...
CVE-2015-2480 The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at opt...
CVE-2015-2481 The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at opt...
CVE-2015-2482 The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Expl...
E
CVE-2015-2483 Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from p...
CVE-2015-2484 Microsoft Internet Explorer 10 and 11 uses an incorrect flag during certain filesystem accesses, whi...
CVE-2015-2485 Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr...
CVE-2015-2486 Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitr...
CVE-2015-2487 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2488 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2489 Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as...
CVE-2015-2490 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2491 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2492 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2493 The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to ...
CVE-2015-2494 Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitr...
CVE-2015-2495 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2496 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2497 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2498 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2499 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2500 Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a den...
CVE-2015-2501 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2015-2502 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ...
KEV E S
CVE-2015-2503 Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3,...
CVE-2015-2504 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts object...
CVE-2015-2505 Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows ...
CVE-2015-2506 atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...
S
CVE-2015-2507 The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, W...
E S
CVE-2015-2508 The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a c...
E
CVE-2015-2509 Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allow...
E S
CVE-2015-2510 Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 200...
E
CVE-2015-2511 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7...
E S
CVE-2015-2512 The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, W...
E S
CVE-2015-2513 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W...
S
CVE-2015-2514 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W...
S
CVE-2015-2515 Use-after-free vulnerability in Windows Shell in Microsoft Windows Vista SP2, Windows Server 2008 SP...
S
CVE-2015-2516 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W...
S
CVE-2015-2517 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7...
E S
CVE-2015-2518 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7...
E S
CVE-2015-2519 Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 S...
S
CVE-2015-2520 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3...
E
CVE-2015-2521 Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remo...
E
CVE-2015-2522 Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote a...
CVE-2015-2523 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and ...
E
CVE-2015-2524 Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Wind...
E S
CVE-2015-2525 Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi...
E S
CVE-2015-2526 Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of ser...
CVE-2015-2527 The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Wind...
E S
CVE-2015-2528 Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Wind...
E S
CVE-2015-2529 The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows l...
S
CVE-2015-2530 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W...
S
CVE-2015-2531 Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skyp...
CVE-2015-2532 Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to in...
CVE-2015-2533 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2534 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL se...
S
CVE-2015-2535 Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows ...
CVE-2015-2536 Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server...
CVE-2015-2537 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2538 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2539 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2540 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2541 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2015-2542 Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary...
CVE-2015-2543 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 20...
CVE-2015-2544 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 20...
CVE-2015-2545 Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute ar...
KEV E S
CVE-2015-2546 The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7...
KEV S
CVE-2015-2547 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2548 Use-after-free vulnerability in the Tablet Input Band in Windows Shell in Microsoft Windows Vista SP...
CVE-2015-2549 The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window...
S
CVE-2015-2550 The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window...
S
CVE-2015-2551 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2552 The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and...
E S
CVE-2015-2553 The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window...
E S
CVE-2015-2554 The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and...
E S
CVE-2015-2555 Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2...
CVE-2015-2556 The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses...
CVE-2015-2557 Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrar...
CVE-2015-2558 Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013...
CVE-2015-2559 Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password o...
CVE-2015-2560 Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of us...
E
CVE-2015-2562 Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1....
E
CVE-2015-2563 SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote atta...
CVE-2015-2564 SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote aut...
E
CVE-2015-2565 Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10....
CVE-2015-2566 Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated user...
CVE-2015-2567 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated user...
CVE-2015-2568 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows ...
S
CVE-2015-2569 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2570 Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Su...
S
CVE-2015-2571 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows ...
CVE-2015-2572 Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion ...
E S
CVE-2015-2573 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows ...
CVE-2015-2574 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via ...
S
CVE-2015-2575 Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allow...
CVE-2015-2576 Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when r...
S
CVE-2015-2577 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, int...
S
CVE-2015-2578 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability ...
S
CVE-2015-2579 Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Scie...
CVE-2015-2580 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availabilit...
S
CVE-2015-2581 Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.1...
S
CVE-2015-2582 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows re...
S
CVE-2015-2583 Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42...
S
CVE-2015-2584 Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in O...
S
CVE-2015-2585 Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0 ...
CVE-2015-2586 Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2....
S
CVE-2015-2587 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, an...
S
CVE-2015-2588 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2015-2589 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availabilit...
S
CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33...
KEV S
CVE-2015-2591 Unspecified vulnerability in the PeopleSoft Enterprise Portal - Interaction Hub component in Oracle ...
CVE-2015-2592 Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in O...
S
CVE-2015-2593 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2....
S
CVE-2015-2594 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ...
S
CVE-2015-2595 Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0...
S
CVE-2015-2596 Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unk...
S
CVE-2015-2597 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiali...
S
CVE-2015-2598 Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Or...
S
CVE-2015-2599 Unspecified vulnerability in the RDBMS Scheduler component in Oracle Database Server 11.1.0.7, 11.2....
S
CVE-2015-2600 Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, ...
S
CVE-2015-2601 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embed...
S
CVE-2015-2602 Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusi...
S
CVE-2015-2603 Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusi...
S
CVE-2015-2604 Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusi...
S
CVE-2015-2605 Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusi...
S
CVE-2015-2606 Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusi...
S
CVE-2015-2607 Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager ...
S
CVE-2015-2608 Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component...
CVE-2015-2609 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via v...
S
CVE-2015-2610 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite ...
S
CVE-2015-2611 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated user...
S
CVE-2015-2612 Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, ...
S
CVE-2015-2613 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows...
S
CVE-2015-2614 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via v...
S
CVE-2015-2615 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite ...
S
CVE-2015-2616 Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows local users to affect availabilit...
S
CVE-2015-2617 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated user...
S
CVE-2015-2618 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su...
S
CVE-2015-2619 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 ...
S
CVE-2015-2620 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows re...
S
CVE-2015-2621 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33...
S
CVE-2015-2622 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2015-2623 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1...
S
CVE-2015-2624 Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42...
S
CVE-2015-2625 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embed...
S
CVE-2015-2626 Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42...
S
CVE-2015-2627 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect c...
S
CVE-2015-2628 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33...
S
CVE-2015-2629 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11....
S
CVE-2015-2630 Unspecified vulnerability in the Technology stack component in Oracle E-Business Suite 11.5.10.2, 12...
S
CVE-2015-2631 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentia...
S
CVE-2015-2632 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect c...
S
CVE-2015-2633 Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manage...
CVE-2015-2634 Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1...
S
CVE-2015-2635 Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1...
S
CVE-2015-2636 Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1...
S
CVE-2015-2637 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedde...
S
CVE-2015-2638 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedde...
S
CVE-2015-2639 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated user...
S
CVE-2015-2640 Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42...
S
CVE-2015-2641 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated user...
S
CVE-2015-2642 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentia...
CVE-2015-2643 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows re...
S
CVE-2015-2644 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Product...
S
CVE-2015-2645 Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Bu...
S
CVE-2015-2646 Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterpri...
S
CVE-2015-2647 Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterpri...
S
CVE-2015-2648 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows re...
S
CVE-2015-2649 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.22, and...
S
CVE-2015-2650 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2015-2651 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via v...
S
CVE-2015-2652 Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12...
S
CVE-2015-2653 Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager ...
S
CVE-2015-2654 Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42...
S
CVE-2015-2655 Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2....
S
CVE-2015-2656 Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42...
S
CVE-2015-2657 Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P...
S
CVE-2015-2658 Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 allows r...
S
CVE-2015-2659 Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers t...
S
CVE-2015-2660 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2015-2661 Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect ava...
S
CVE-2015-2662 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availabilit...
S
CVE-2015-2663 Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P...
S
CVE-2015-2664 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confid...
S
CVE-2015-2665 Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject ar...
CVE-2015-2666 Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/micr...
S
CVE-2015-2667 Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan...
E
CVE-2015-2668 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a craf...
S
CVE-2015-2670 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-2671 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2015-2672 The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 cr...
CVE-2015-2673 The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions...
E
CVE-2015-2674 Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_so...
CVE-2015-2675 The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the ...
S
CVE-2015-2676 Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and...
E
CVE-2015-2677 Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authentic...
E S
CVE-2015-2678 Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote...
E S
CVE-2015-2679 Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to...
E S
CVE-2015-2680 Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote at...
E S
CVE-2015-2681 Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6...
E
CVE-2015-2682 Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obt...
E
CVE-2015-2683 Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict acc...
E
CVE-2015-2684 Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of...
CVE-2015-2686 net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sen...
CVE-2015-2687 OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to a...
CVE-2015-2688 buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected ar...
S
CVE-2015-2689 Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve ...
S
CVE-2015-2690 Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addo...
E S
CVE-2015-2692 AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and t...
E
CVE-2015-2694 The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly ...
CVE-2015-2695 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate ...
S
CVE-2015-2696 lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context...
S
CVE-2015-2697 The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14...
S
CVE-2015-2698 The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) ...
CVE-2015-2701 Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack t...
E
CVE-2015-2702 Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websens...
E
CVE-2015-2703 Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Ser...
E
CVE-2015-2704 realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a...
CVE-2015-2706 Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37...
CVE-2015-2708 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox E...
CVE-2015-2709 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remo...
CVE-2015-2710 Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31....
CVE-2015-2711 Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META elemen...
CVE-2015-2712 The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths du...
CVE-2015-2713 Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 3...
CVE-2015-2714 Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android lo...
CVE-2015-2715 Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0...
CVE-2015-2716 Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and ...
CVE-2015-2717 Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute...
CVE-2015-2718 The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same ...
CVE-2015-2720 The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathnam...
CVE-2015-2721 Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox...
E
CVE-2015-2722 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before ...
CVE-2015-2723 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4000. Reason: This candida...
R
CVE-2015-2724 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox E...
CVE-2015-2725 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox E...
CVE-2015-2726 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remo...
CVE-2015-2727 Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary fil...
CVE-2015-2728 The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and ...
CVE-2015-2729 The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Fire...
CVE-2015-2730 Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firef...
CVE-2015-2731 Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation ...
CVE-2015-2733 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before ...
CVE-2015-2734 The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Fi...
CVE-2015-2735 nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, ...
CVE-2015-2736 The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31....
CVE-2015-2737 The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39...
CVE-2015-2738 The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla ...
CVE-2015-2739 The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8...
CVE-2015-2740 Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39....
CVE-2015-2741 Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforc...
CVE-2015-2742 Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of cras...
CVE-2015-2743 PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables ...
CVE-2015-2744 Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 ...
CVE-2015-2745 Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS ...
CVE-2015-2746 The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU...
E
CVE-2015-2747 Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Foren...
E
CVE-2015-2748 Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, whi...
E
CVE-2015-2749 Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to...
S
CVE-2015-2750 Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7....
S
CVE-2015-2751 Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial...
S
CVE-2015-2752 The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough dev...
S
CVE-2015-2753 FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or poss...
CVE-2015-2754 FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and pos...
CVE-2015-2755 Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plug...
E S
CVE-2015-2756 QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers...
CVE-2015-2757 The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.4...
CVE-2015-2758 The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.4...
CVE-2015-2759 Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss ...
CVE-2015-2760 Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoin...
CVE-2015-2761 Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense...
CVE-2015-2762 Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user account...
CVE-2015-2763 Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vec...
CVE-2015-2764 Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow re...
CVE-2015-2765 The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to condu...
CVE-2015-2766 The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have u...
CVE-2015-2767 Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vec...
CVE-2015-2768 Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 a...
CVE-2015-2769 Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in We...
CVE-2015-2770 Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series...
CVE-2015-2771 The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext cred...
CVE-2015-2772 SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files v...
CVE-2015-2773 SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via...
CVE-2015-2774 Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, w...
CVE-2015-2775 Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allow...
E
CVE-2015-2776 The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service ...
CVE-2015-2778 Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remo...
CVE-2015-2779 Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 al...
CVE-2015-2780 Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary cod...
E S
CVE-2015-2781 Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billin...
E
CVE-2015-2782 Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of ser...
CVE-2015-2783 ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote atta...
E S
CVE-2015-2784 The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input....
S
CVE-2015-2785 The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap w...
CVE-2015-2786 Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors rela...
S
CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re...
E
CVE-2015-2788 Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird bef...
CVE-2015-2789 Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugi...
E S
CVE-2015-2790 Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial ...
E
CVE-2015-2791 The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to de...
E
CVE-2015-2792 The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, w...
E
CVE-2015-2793 Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150...
E S
CVE-2015-2794 The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the ap...
E S
CVE-2015-2796 Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote at...
E S
CVE-2015-2797 Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343,...
E
CVE-2015-2798 SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to...
E
CVE-2015-2800 The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with softwar...
CVE-2015-2802 An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and S...
CVE-2015-2803 SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension be...
E S
CVE-2015-2804 The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 w...
E
CVE-2015-2805 Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in th...
E
CVE-2015-2806 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to h...
CVE-2015-2807 Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0...
E S
CVE-2015-2808 The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state dat...
S
CVE-2015-2809 The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently re...
CVE-2015-2810 Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used...
CVE-2015-2811 XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004...
CVE-2015-2812 XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.20110...
CVE-2015-2813 XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send reque...
CVE-2015-2814 SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthc...
CVE-2015-2815 Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52....
CVE-2015-2816 The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attac...
CVE-2015-2817 The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive informa...
CVE-2015-2818 XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send req...
CVE-2015-2819 SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a...
CVE-2015-2820 Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of ...
CVE-2015-2821 TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and mo...
S
CVE-2015-2822 Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime A...
S
CVE-2015-2823 Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI C...
S
CVE-2015-2824 Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress ...
E S
CVE-2015-2825 Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before...
E S
CVE-2015-2826 WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive in...
E
CVE-2015-2827 Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote...
CVE-2015-2828 CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which...
CVE-2015-2829 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 ...
S
CVE-2015-2830 arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag fro...
CVE-2015-2831 Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privile...
CVE-2015-2838 Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 5...
E
CVE-2015-2839 The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when retur...
E
CVE-2015-2840 Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10....
E
CVE-2015-2841 Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended ...
E
CVE-2015-2842 Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload f...
E
CVE-2015-2843 Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote a...
E
CVE-2015-2844 The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote atta...
E
CVE-2015-2845 The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote atta...
E
CVE-2015-2846 BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link....
CVE-2015-2847 Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript,...
CVE-2015-2848 Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows ...
CVE-2015-2849 SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, ...
CVE-2015-2850 Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 31...
CVE-2015-2851 client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows l...
CVE-2015-2852 Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility A...
CVE-2015-2853 Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, S...
CVE-2015-2854 The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x th...
CVE-2015-2855 The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x th...
CVE-2015-2856 Directory traversal vulnerability in the template function in function.inc in Accellion File Transfe...
E
CVE-2015-2857 Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary c...
E
CVE-2015-2858 Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbit...
CVE-2015-2859 Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate se...
S
CVE-2015-2860 Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5...
CVE-2015-2861 Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote...
CVE-2015-2862 Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, ...
CVE-2015-2863 Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x be...
CVE-2015-2864 Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before...
E S
CVE-2015-2865 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reaso...
R
CVE-2015-2866 SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta a...
E
CVE-2015-2867 A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers...
E
CVE-2015-2868 An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware versi...
E
CVE-2015-2869 The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denia...
CVE-2015-2870 Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-co...
CVE-2015-2871 Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and...
CVE-2015-2872 Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on...
S
CVE-2015-2873 Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before ...
S
CVE-2015-2874 Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and...
CVE-2015-2875 Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, ...
CVE-2015-2876 Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage,...
CVE-2015-2877 Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write...
CVE-2015-2878 Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remot...
E
CVE-2015-2880 TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account....
E
CVE-2015-2881 Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdo...
E M
CVE-2015-2882 Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /AD...
E
CVE-2015-2883 Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the na...
CVE-2015-2884 Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct reques...
E
CVE-2015-2885 Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the...
CVE-2015-2886 iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com serv...
CVE-2015-2887 iBaby M3S has a password of admin for the backdoor admin account....
CVE-2015-2888 Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentica...
CVE-2015-2889 Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges v...
CVE-2015-2890 The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Work...
CVE-2015-2894 Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2...
CVE-2015-2895 Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote ...
CVE-2015-2896 The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obt...
CVE-2015-2897 Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, wh...
CVE-2015-2898 Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow re...
CVE-2015-2899 Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN ...
CVE-2015-2900 The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows ...
CVE-2015-2901 Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote at...
CVE-2015-2902 HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which...
CVE-2015-2903 The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which ...
CVE-2015-2904 Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes i...
CVE-2015-2905 Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS...
CVE-2015-2906 Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse a...
CVE-2015-2907 Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse a...
CVE-2015-2908 Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse a...
CVE-2015-2909 Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to ...
E
CVE-2015-2912 The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2....
CVE-2015-2913 server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Com...
CVE-2015-2914 Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with fir...
S
CVE-2015-2915 Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with fir...
S
CVE-2015-2916 Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-...
S
CVE-2015-2917 Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with fir...
S
CVE-2015-2918 The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does ...
CVE-2015-2922 The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol impl...
E
CVE-2015-2923 The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows...
S
CVE-2015-2924 The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementat...
CVE-2015-2925 The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle r...
CVE-2015-2926 Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and ear...
E
CVE-2015-2927 node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidt...
CVE-2015-2928 The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0...
CVE-2015-2929 The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0...
CVE-2015-2931 Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1....
E S
CVE-2015-2932 Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x befor...
S
CVE-2015-2933 Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before ...
CVE-2015-2934 MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when...
S
CVE-2015-2935 MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to by...
S
CVE-2015-2936 MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to c...
S
CVE-2015-2937 MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP,...
S
CVE-2015-2938 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x...
S
CVE-2015-2939 Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote atta...
S
CVE-2015-2940 Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remo...
S
CVE-2015-2941 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x...
E S
CVE-2015-2942 MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remo...
E S
CVE-2015-2943 Honda Moto LINC 1.6.1 does not verify SSL certificates....
CVE-2015-2944 Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Slin...
E
CVE-2015-2945 mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, wh...
E
CVE-2015-2946 Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows rem...
CVE-2015-2947 KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to...
CVE-2015-2948 Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remo...
CVE-2015-2949 Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to ...
CVE-2015-2950 Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta ...
S
CVE-2015-2951 JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted t...
CVE-2015-2952 The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Profess...
CVE-2015-2953 Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to...
CVE-2015-2954 Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Profe...
CVE-2015-2955 Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to...
CVE-2015-2956 SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and ear...
CVE-2015-2957 Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional...
CVE-2015-2958 Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to...
CVE-2015-2959 Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which...
S
CVE-2015-2960 Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows rem...
S
CVE-2015-2961 Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier all...
S
CVE-2015-2962 CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and conseque...
CVE-2015-2963 The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during m...
E
CVE-2015-2964 NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted...
CVE-2015-2965 Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authen...
CVE-2015-2966 Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3....
CVE-2015-2967 Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attack...
CVE-2015-2968 LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-m...
CVE-2015-2969 Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 a...
CVE-2015-2970 index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary f...
CVE-2015-2971 Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allow...
CVE-2015-2972 Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to ex...
CVE-2015-2973 Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPres...
S
CVE-2015-2974 LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents vi...
CVE-2015-2975 Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote...
S
CVE-2015-2976 Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remot...
S
CVE-2015-2977 Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execut...
CVE-2015-2978 Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference...
CVE-2015-2979 Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified v...
CVE-2015-2980 The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitra...
CVE-2015-2981 The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL server...
CVE-2015-2982 Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS...
CVE-2015-2983 Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, s...
CVE-2015-2984 I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attacke...
CVE-2015-2985 Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to ...
CVE-2015-2986 Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attack...
CVE-2015-2987 Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attac...
S
CVE-2015-2988 Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remo...
CVE-2015-2989 Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attacker...
CVE-2015-2990 Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allow...
CVE-2015-2991 Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via craft...
S
CVE-2015-2992 Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability....
CVE-2015-2993 SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allow...
E
CVE-2015-2994 Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows rem...
E
CVE-2015-2995 The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, wh...
E
CVE-2015-2996 Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers ...
E
CVE-2015-2997 SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid ...
E
CVE-2015-2998 SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attac...
E
CVE-2015-2999 Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators t...
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.