Export limit exceeded: 366805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366805 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5654 | 1 Dojotoolkit | 1 Dojo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5655 | 1 Adways | 1 Party Track Sdk | 2025-04-12 | N/A |
| The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-5659 | 1 Network Applied Communication Laboratory | 1 Shimane Prefecture Cms | 2025-04-12 | N/A |
| SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-5660 | 1 Extplorer | 1 Extplorer | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code. | ||||
| CVE-2015-5661 | 1 Airdroid | 1 Airdroid | 2025-04-12 | N/A |
| The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2015-5662 | 1 Avast | 1 Avast Antivirus | 2025-04-12 | N/A |
| Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. | ||||
| CVE-2015-5663 | 1 Rarlab | 1 Winrar | 2025-04-12 | N/A |
| The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | ||||
| CVE-2015-5664 | 1 Qnap | 1 Qts | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5665 | 1 Lockon | 1 Ec-cube | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function. | ||||
| CVE-2015-5667 | 1 Html-scrubber Project | 1 Html-scrubber | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. | ||||
| CVE-2015-5668 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | N/A |
| SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-5669 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | N/A |
| Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-5670 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5671 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | N/A |
| Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | ||||
| CVE-2015-5672 | 1 Typemoon | 4 Fate\/hollow Ataraxia, Fate\/stay Night, Fate\/stay Night \+ Hollow Ataraxia Set and 1 more | 2025-04-12 | N/A |
| TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data. | ||||
| CVE-2015-5673 | 1 Isucon | 1 Isucon 5 Qualifier Eventapp | 2025-04-12 | N/A |
| eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command. | ||||
| CVE-2015-5681 | 1 Wpslideshow | 1 Powerplay Gallery | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/. | ||||
| CVE-2015-5685 | 1 Bittorrent | 1 Bootstrap-dht | 2025-04-12 | N/A |
| The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." | ||||
| CVE-2015-5687 | 1 Anchorcms | 1 Anchor Cms | 2025-04-12 | N/A |
| system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | ||||
| CVE-2015-5688 | 1 Geddyjs | 1 Geddy | 2025-04-12 | N/A |
| Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. | ||||