Export limit exceeded: 366805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5654 1 Dojotoolkit 1 Dojo 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5655 1 Adways 1 Party Track Sdk 2025-04-12 N/A
The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-5659 1 Network Applied Communication Laboratory 1 Shimane Prefecture Cms 2025-04-12 N/A
SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5660 1 Extplorer 1 Extplorer 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
CVE-2015-5661 1 Airdroid 1 Airdroid 2025-04-12 N/A
The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application.
CVE-2015-5662 1 Avast 1 Avast Antivirus 2025-04-12 N/A
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
CVE-2015-5663 1 Rarlab 1 Winrar 2025-04-12 N/A
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.
CVE-2015-5664 1 Qnap 1 Qts 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5665 1 Lockon 1 Ec-cube 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
CVE-2015-5667 1 Html-scrubber Project 1 Html-scrubber 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
CVE-2015-5668 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5669 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.
CVE-2015-5670 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5671 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors.
CVE-2015-5672 1 Typemoon 4 Fate\/hollow Ataraxia, Fate\/stay Night, Fate\/stay Night \+ Hollow Ataraxia Set and 1 more 2025-04-12 N/A
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
CVE-2015-5673 1 Isucon 1 Isucon 5 Qualifier Eventapp 2025-04-12 N/A
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
CVE-2015-5681 1 Wpslideshow 1 Powerplay Gallery 2025-04-12 N/A
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/.
CVE-2015-5685 1 Bittorrent 1 Bootstrap-dht 2025-04-12 N/A
The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."
CVE-2015-5687 1 Anchorcms 1 Anchor Cms 2025-04-12 N/A
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
CVE-2015-5688 1 Geddyjs 1 Geddy 2025-04-12 N/A
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.