Export limit exceeded: 366888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366888 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5457 | 1 Pivotx | 1 Pivotx | 2025-04-12 | N/A |
| PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php. | ||||
| CVE-2015-5458 | 1 Pivotx | 1 Pivotx | 2025-04-12 | N/A |
| Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. | ||||
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | N/A |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | ||||
| CVE-2015-5460 | 1 Snorby Project | 1 Snorby | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification. | ||||
| CVE-2015-5461 | 1 Stageshow Project | 1 Stageshow | 2025-04-12 | N/A |
| Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||||
| CVE-2015-5465 | 1 Sis | 1 Windows Vga Display Manager | 2025-04-12 | N/A |
| Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call. | ||||
| CVE-2015-5470 | 1 Powerdns | 2 Authoritative, Recursor | 2025-04-12 | N/A |
| The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. | ||||
| CVE-2015-5472 | 1 Ibs Mappro Project | 1 Ibs Mappro | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | ||||
| CVE-2015-5474 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2025-04-12 | N/A |
| BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. | ||||
| CVE-2015-5475 | 1 Bestpractical | 1 Request Tracker | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages. | ||||
| CVE-2015-5477 | 2 Isc, Redhat | 4 Bind, Enterprise Linux, Rhel Aus and 1 more | 2025-04-12 | N/A |
| named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. | ||||
| CVE-2015-5479 | 3 Libav, Opensuse, Ubuntu | 3 Libav, Leap, Ubuntu | 2025-04-12 | N/A |
| The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | ||||
| CVE-2015-5481 | 1 Dev4press | 1 Gd Bbpress Attachments | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | ||||
| CVE-2015-5482 | 1 Dev4press | 1 Gd Bbpress Attachments | 2025-04-12 | N/A |
| Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | ||||
| CVE-2015-5485 | 1 Theeventscalendar | 1 Eventbrite Tickets | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. | ||||
| CVE-2015-5487 | 1 Techsmith | 1 Camtasia Relay | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. | ||||
| CVE-2015-5488 | 1 Thinkshout | 1 Mailchimp | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5489 | 1 Smart Trim Project | 1 Smart Trim | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. | ||||
| CVE-2015-5490 | 1 Views Project | 1 Views | 2025-04-12 | N/A |
| The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. | ||||
| CVE-2015-5491 | 1 Dynamic Display Block Project | 1 Dynamic Display Block | 2025-04-12 | N/A |
| The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission. | ||||