Export limit exceeded: 366739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366739 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4638 1 F5 10 Big-ip Advanced Firewall Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more 2025-04-12 N/A
The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet.
CVE-2015-4640 2 Samsung, Swiftkey 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more 2025-04-12 N/A
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.
CVE-2015-4641 2 Samsung, Swiftkey 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more 2025-04-12 N/A
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
CVE-2015-4642 2 Microsoft, Php 2 Windows, Php 2025-04-12 N/A
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
CVE-2015-4660 1 Eliacom 1 Enhanced Sql Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.
CVE-2015-4643 4 Debian, Oracle, Php and 1 more 11 Debian Linux, Linux, Php and 8 more 2025-04-12 N/A
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
CVE-2015-4644 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Software Collections 2025-04-12 N/A
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
CVE-2015-4647 1 Panasonic 1 Security Api Activex Sdk 2025-04-12 N/A
Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method.
CVE-2015-4648 1 Panasonic 1 Security Api Activex Sdk 2025-04-12 N/A
Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method.
CVE-2015-4651 3 Debian, Oracle, Wireshark 3 Debian Linux, Solaris, Wireshark 2025-04-12 N/A
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-4652 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-12 N/A
epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.
CVE-2015-4654 1 Joomla 1 Joomla\! 2025-04-12 N/A
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVE-2015-4655 1 Synology 1 Diskstation Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
CVE-2015-4656 1 Synology 1 Photo Station 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.
CVE-2015-4657 1 Mailbird 1 Mailbird 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL.
CVE-2015-4658 1 Milw0rm Project 1 Milw0rm Clone Script 2025-04-12 N/A
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
CVE-2015-4659 1 Labsmedia 1 Clickheat 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.
CVE-2015-4661 1 Getsymphony 1 Symphony 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.
CVE-2015-4665 1 Xceedium 1 Xsuite 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
CVE-2015-4666 1 Xceedium 1 Xsuite 2025-04-12 N/A
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.