Search

Search Results (366284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2952 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
CVE-2015-2953 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958.
CVE-2015-2954 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-2991 1 Nscripter Project 1 Nscripter 2025-04-12 N/A
Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data.
CVE-2015-2955 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-2956 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2957 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2958 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953.
CVE-2015-2959 1 Zohocorp 1 Manageengine Netflow Analyzer 2025-04-12 N/A
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
CVE-2015-2960 1 Zohocorp 1 Manageengine Netflow Analyzer 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2961 1 Zohocorp 1 Manageengine Netflow Analyzer 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.
CVE-2015-2962 1 Cgi Rescue 1 Blobee 2025-04-12 N/A
CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors.
CVE-2015-3674 1 Apple 1 Mac Os X 2025-04-12 N/A
afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-2963 1 Thoughtbot 1 Paperclip 2025-04-12 N/A
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
CVE-2015-2964 1 Namshi 1 Namshi\/jose 2025-04-12 N/A
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header.
CVE-2015-2965 1 Oscommerce 1 Oscommerce 2025-04-12 N/A
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
CVE-2015-2966 1 Droidwareuk 1 Explorer\+ File Manager 2025-04-12 N/A
Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2015-2967 1 Cacti 1 Cacti 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2969 1 Lemon-s Php 1 Simple Oekaki Bbs 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter.
CVE-2015-2970 1 Lemon-s Php 1 Simple Oekaki 2025-04-12 N/A
index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter.