Search

Search Results (366632 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4661 1 Getsymphony 1 Symphony 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.
CVE-2015-4665 1 Xceedium 1 Xsuite 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
CVE-2015-4666 1 Xceedium 1 Xsuite 2025-04-12 N/A
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
CVE-2015-4670 1 Devexpress 1 Ajax Control Toolkit 2025-04-12 N/A
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
CVE-2015-4671 1 Opencart 1 Opencart 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php.
CVE-2015-4674 1 Timedoctor 1 Timedoctor 2025-04-12 N/A
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
CVE-2015-4675 1 Tinysrp Project 1 Tinysrp 2025-04-12 N/A
Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.
CVE-2015-4676 1 Aftab 1 Tickfa 2025-04-12 N/A
SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.
CVE-2015-4677 1 Fiverrscript 1 Fiverrscript 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.
CVE-2015-4678 1 Persian Car Cms Project 1 Persian Car Cms 2025-04-12 N/A
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.
CVE-2015-4679 1 Airties 2 Rt-210, Rt-210 Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.
CVE-2015-4692 1 Linux 1 Linux Kernel 2025-04-12 N/A
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
CVE-2015-4694 1 Zip Attachments Project 1 Zip Attachments 2025-04-12 N/A
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.
CVE-2015-4695 2 Redhat, Wvware 2 Enterprise Linux, Libwmf 2025-04-12 N/A
meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.
CVE-2015-4696 2 Redhat, Wvware 2 Enterprise Linux, Libwmf 2025-04-12 N/A
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
CVE-2015-4700 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
CVE-2015-4703 1 Rename Project 1 Rename 2025-04-12 N/A
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.
CVE-2015-4713 1 Apphp 1 Hotel Site 2025-04-12 N/A
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
CVE-2015-4714 1 Dream-multimedia-tv 2 Dreambox Dm500-s, Dreambox Dm500-s Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.
CVE-2015-4716 2 Microsoft, Owncloud 3 Windows, Owncloud, Owncloud Server 2025-04-12 N/A
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.