Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6522 | 1 Wpsymposium | 1 Wp Symposium | 2025-04-12 | N/A |
| SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | ||||
| CVE-2015-6523 | 1 Portfolio Project | 1 Portfolio | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php. | ||||
| CVE-2015-6524 | 2 Apache, Fedoraproject | 2 Activemq, Fedora | 2025-04-12 | N/A |
| The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. | ||||
| CVE-2015-6525 | 2 Debian, Libevent Project | 2 Debian Linux, Libevent | 2025-04-12 | N/A |
| Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. | ||||
| CVE-2015-6526 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-12 | N/A |
| The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. | ||||
| CVE-2015-6527 | 1 Php | 1 Php | 2025-04-12 | 7.3 High |
| The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. | ||||
| CVE-2015-6528 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. | ||||
| CVE-2015-6529 | 1 Phpipam | 1 Phpipam | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php. | ||||
| CVE-2015-6530 | 1 Opentext | 2 Secure Mft 2013, Secure Mft 2014 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp. | ||||
| CVE-2015-6535 | 1 Youtube Embed Project | 1 Youtube Embed | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field (youtube_embed_name parameter). | ||||
| CVE-2015-6537 | 1 Epiphanyhealthdata | 1 Cardio Server | 2025-04-12 | N/A |
| SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | ||||
| CVE-2015-6538 | 1 Ephiphanyheathdata | 1 Cardio Server | 2025-04-12 | N/A |
| The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | ||||
| CVE-2015-6541 | 1 Zimbra | 1 Zimbra Collaboration Server | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | ||||
| CVE-2015-6545 | 1 Webgroupmedia | 1 Cerb | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action. | ||||
| CVE-2015-6546 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2025-04-12 | N/A |
| The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic." | ||||
| CVE-2015-6547 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | ||||
| CVE-2015-6548 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-6549 | 1 Symantec | 1 Netbackup Opscenter | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-6550 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-12 | N/A |
| bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input. | ||||
| CVE-2015-6551 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-12 | N/A |
| Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets. | ||||