Search

Search Results (365265 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0892 1 Maroyaka Image Album Project 1 Maroyaka Image Album 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0893 1 Maroyaka Relay Novel Project 1 Maroyaka Relay Novel 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0894 1 Tips And Tricks Hq 1 All In One Wordpress Security And Firewall 2025-04-12 N/A
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0895 1 Tips And Tricks Hq 1 All In One Wordpress Security And Firewall 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
CVE-2015-0896 1 Extplorer 1 Extplorer 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0899 1 Apache 1 Struts 2025-04-12 N/A
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
CVE-2015-0902 1 Semperfiwebdesign 1 All In One Seo Pack 2025-04-12 N/A
The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.
CVE-2015-0903 1 Hidemaru 1 Editor 2025-04-12 N/A
Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file.
CVE-2015-0905 1 Bblog Project 1 Bblog 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-0906 1 Lhaplus 1 Lhaplus 2025-04-12 N/A
Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.
CVE-2015-0907 1 Lhaplus 1 Lhaplus 2025-04-12 N/A
Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive.
CVE-2015-0901 1 Flashy Project 1 Flashy 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0910 1 Dounokouno 1 Transmitmail 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename.
CVE-2015-0911 1 Dounokouno 1 Transmitmail 2025-04-12 N/A
Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling.
CVE-2015-0912 1 Kozos 1 Easyctf 2025-04-12 N/A
EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors.
CVE-2015-0913 1 Kozos 1 Easyctf 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0914 1 Kozos 1 Easyctf 2025-04-12 N/A
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request.
CVE-2015-0915 1 Rakus 1 Maildealer 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.
CVE-2015-0916 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.
CVE-2015-0917 1 Kajona 1 Kajona 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.