Search

Search Results (366589 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1400 1 Npds 1 Revolution 2025-04-12 N/A
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
CVE-2015-1402 1 Content Rating Project 1 Content Rating 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1403 1 Content Rating Project 1 Content Rating 2025-04-12 N/A
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1404 1 Content Rating Extbase Project 1 Content Rating Extbase 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1405 1 Content Rating Extbase Project 1 Content Rating Extbase 2025-04-12 N/A
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1414 3 Debian, Freebsd, Netgate 3 Debian Linux, Freebsd, Pfsense 2025-04-12 N/A
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.
CVE-2015-1415 1 Freebsd 1 Freebsd 2025-04-12 N/A
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.
CVE-2015-1419 2 Opensuse, Vsftpd Project 2 Opensuse, Vsftpd 2025-04-12 N/A
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
CVE-2015-1420 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-12 N/A
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
CVE-2015-1421 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 N/A
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
CVE-2015-1422 1 Jakweb 1 Gecko Cms 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.
CVE-2015-1423 1 Jakweb 1 Gecko Cms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
CVE-2015-1424 1 Jakweb 1 Gecko Cms 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
CVE-2015-1426 2 Puppet, Puppetlabs 2 Facter, Facter 2025-04-12 N/A
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
CVE-2015-1428 1 Sefrengo 1 Sefrengo 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.
CVE-2015-1457 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command.
CVE-2015-1431 1 Phpbb 1 Phpbb 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."
CVE-2015-1432 1 Phpbb 1 Phpbb 2025-04-12 N/A
The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.
CVE-2015-1434 1 Mylittleforum 1 My Little Forum 2025-04-12 N/A
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
CVE-2015-1435 1 Mylittleforum 1 My Little Forum 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php.