Search

Search Results (366900 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5474 2 Bittorrent, Utorrent 2 Bittorrent, Utorrent 2025-04-12 N/A
BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol.
CVE-2015-5475 1 Bestpractical 1 Request Tracker 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
CVE-2015-5477 2 Isc, Redhat 4 Bind, Enterprise Linux, Rhel Aus and 1 more 2025-04-12 N/A
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
CVE-2015-5479 3 Libav, Opensuse, Ubuntu 3 Libav, Leap, Ubuntu 2025-04-12 N/A
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
CVE-2015-5481 1 Dev4press 1 Gd Bbpress Attachments 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
CVE-2015-5482 1 Dev4press 1 Gd Bbpress Attachments 2025-04-12 N/A
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
CVE-2015-5485 1 Theeventscalendar 1 Eventbrite Tickets 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php.
CVE-2015-5487 1 Techsmith 1 Camtasia Relay 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab.
CVE-2015-5488 1 Thinkshout 1 Mailchimp 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5489 1 Smart Trim Project 1 Smart Trim 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form.
CVE-2015-5490 1 Views Project 1 Views 2025-04-12 N/A
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
CVE-2015-5491 1 Dynamic Display Block Project 1 Dynamic Display Block 2025-04-12 N/A
The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.
CVE-2015-5492 1 Video Consultation Project 1 Video Consultation 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5493 1 Entityform Block Project 1 Entityform Block 2025-04-12 N/A
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.
CVE-2015-5494 1 Webform Matrix Component Project 1 Webform Matrix Component 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5495 1 Mobile Sliding Menu Project 1 Mobile Sliding Menu 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5496 1 Pass2pdf Project 1 Pass2pdf 2025-04-12 N/A
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.
CVE-2015-5497 1 Web Links Project 1 Web Links 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5498 1 Shipwire Api Project 1 Shipwire Api 2025-04-12 N/A
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.
CVE-2015-5499 1 Navigate Project 1 Navigate 2025-04-12 N/A
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.