Search

Search Results (366811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5647 1 Cybozu 1 Garoon 2025-04-12 N/A
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
CVE-2015-5648 1 Loenshotel 1 Phprechnung 2025-04-12 N/A
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5649 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
CVE-2015-5650 1 Ajaxplorer 1 Ajaxplorer 2025-04-12 N/A
Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2015-5651 1 Dotclear 1 Dotclear 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5653 1 Canarylabs 1 Trendweb 2025-04-12 N/A
Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2015-5654 1 Dojotoolkit 1 Dojo 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5655 1 Adways 1 Party Track Sdk 2025-04-12 N/A
The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-5659 1 Network Applied Communication Laboratory 1 Shimane Prefecture Cms 2025-04-12 N/A
SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5660 1 Extplorer 1 Extplorer 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
CVE-2015-5661 1 Airdroid 1 Airdroid 2025-04-12 N/A
The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application.
CVE-2015-5662 1 Avast 1 Avast Antivirus 2025-04-12 N/A
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
CVE-2015-5663 1 Rarlab 1 Winrar 2025-04-12 N/A
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.
CVE-2015-5664 1 Qnap 1 Qts 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5665 1 Lockon 1 Ec-cube 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
CVE-2015-5667 1 Html-scrubber Project 1 Html-scrubber 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
CVE-2015-5668 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5669 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.
CVE-2015-5670 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5671 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors.