Search

Search Results (366624 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4677 1 Fiverrscript 1 Fiverrscript 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.
CVE-2015-4678 1 Persian Car Cms Project 1 Persian Car Cms 2025-04-12 N/A
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.
CVE-2015-4679 1 Airties 2 Rt-210, Rt-210 Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.
CVE-2015-4692 1 Linux 1 Linux Kernel 2025-04-12 N/A
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
CVE-2015-4694 1 Zip Attachments Project 1 Zip Attachments 2025-04-12 N/A
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.
CVE-2015-4695 2 Redhat, Wvware 2 Enterprise Linux, Libwmf 2025-04-12 N/A
meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.
CVE-2015-4696 2 Redhat, Wvware 2 Enterprise Linux, Libwmf 2025-04-12 N/A
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
CVE-2015-4700 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
CVE-2015-4703 1 Rename Project 1 Rename 2025-04-12 N/A
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.
CVE-2015-4713 1 Apphp 1 Hotel Site 2025-04-12 N/A
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
CVE-2015-4714 1 Dream-multimedia-tv 2 Dreambox Dm500-s, Dreambox Dm500-s Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.
CVE-2015-4716 2 Microsoft, Owncloud 3 Windows, Owncloud, Owncloud Server 2025-04-12 N/A
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
CVE-2015-4717 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.
CVE-2015-4718 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
CVE-2015-4725 1 Audiosharescript 1 Audioshare 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2015-4726 1 Audiosharescript 1 Audioshare 2025-04-12 N/A
PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter.
CVE-2015-4727 1 Oracle 1 Virtualization Sun Ray 2025-04-12 N/A
Unspecified vulnerability in Oracle Virtualization Sun Ray Software before 5.4.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Console.
CVE-2015-4728 1 Oracle 1 E-business Suite 2025-04-12 N/A
Unspecified vulnerability in the Oracle Sourcing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Bid/Quote creation.
CVE-2015-4730 1 Oracle 1 Mysql 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.
CVE-2015-4734 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.