Search

Search Results (366864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5461 1 Stageshow Project 1 Stageshow 2025-04-12 N/A
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2015-5465 1 Sis 1 Windows Vga Display Manager 2025-04-12 N/A
Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.
CVE-2015-5470 1 Powerdns 2 Authoritative, Recursor 2025-04-12 N/A
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
CVE-2015-5472 1 Ibs Mappro Project 1 Ibs Mappro 2025-04-12 N/A
Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
CVE-2015-5474 2 Bittorrent, Utorrent 2 Bittorrent, Utorrent 2025-04-12 N/A
BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol.
CVE-2015-5475 1 Bestpractical 1 Request Tracker 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
CVE-2015-5477 2 Isc, Redhat 4 Bind, Enterprise Linux, Rhel Aus and 1 more 2025-04-12 N/A
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
CVE-2015-5479 3 Libav, Opensuse, Ubuntu 3 Libav, Leap, Ubuntu 2025-04-12 N/A
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
CVE-2015-5481 1 Dev4press 1 Gd Bbpress Attachments 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
CVE-2015-5482 1 Dev4press 1 Gd Bbpress Attachments 2025-04-12 N/A
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
CVE-2015-5485 1 Theeventscalendar 1 Eventbrite Tickets 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php.
CVE-2015-5487 1 Techsmith 1 Camtasia Relay 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab.
CVE-2015-5488 1 Thinkshout 1 Mailchimp 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5489 1 Smart Trim Project 1 Smart Trim 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form.
CVE-2015-5490 1 Views Project 1 Views 2025-04-12 N/A
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
CVE-2015-5491 1 Dynamic Display Block Project 1 Dynamic Display Block 2025-04-12 N/A
The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.
CVE-2015-5492 1 Video Consultation Project 1 Video Consultation 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5493 1 Entityform Block Project 1 Entityform Block 2025-04-12 N/A
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.
CVE-2015-5494 1 Webform Matrix Component Project 1 Webform Matrix Component 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5495 1 Mobile Sliding Menu Project 1 Mobile Sliding Menu 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors.