Search

Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1153 1 Apple 3 Iphone Os, Itunes, Safari 2025-04-12 N/A
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
CVE-2015-1154 1 Apple 2 Itunes, Safari 2025-04-12 N/A
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.
CVE-2015-1155 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
CVE-2015-1156 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.
CVE-2015-1158 2 Cups, Redhat 2 Cups, Enterprise Linux 2025-04-12 N/A
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
CVE-2015-1159 2 Cups, Redhat 2 Cups, Enterprise Linux 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
CVE-2015-1164 1 Serve-static Project 1 Serve-static 2025-04-12 N/A
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
CVE-2015-1165 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2025-04-12 N/A
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
CVE-2015-1169 1 Apereo 1 Central Authentication Service 2025-04-12 N/A
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
CVE-2015-1170 1 Nvidia 4 Gpu Driver R304, Gpu Driver R340, Gpu Driver R343 and 1 more 2025-04-12 N/A
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.
CVE-2015-1171 1 Gsm 1 Sim Card Editor 2025-04-12 N/A
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
CVE-2015-1172 1 Holding Pattern Project 1 Holding Pattern 2025-04-12 N/A
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2015-1173 1 Unit4 1 Teta Web 2025-04-12 N/A
Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."
CVE-2015-1175 1 Prestashop 1 Prestashop 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.
CVE-2015-1176 1 Osticket 1 Osticket 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
CVE-2015-1178 1 Qualiteam 1 X-cart 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.
CVE-2015-1179 1 Infinite Automation Systems 1 Mango Automation 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.
CVE-2015-1180 1 Eventsentry 1 Eventsentry 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet.
CVE-2015-1182 2 Opensuse, Polarssl 2 Opensuse, Polarssl 2025-04-12 N/A
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.
CVE-2015-1188 1 Swisscom 2 Centro Grande, Centro Grande Firmware 2025-04-12 N/A
The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.