Export limit exceeded: 366303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2973 | 1 Welcart | 1 Welcart E-commerce | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php. | ||||
| CVE-2015-2974 | 1 Lemon-s Php | 1 Gazou Bbs Plus | 2025-04-12 | N/A |
| LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file. | ||||
| CVE-2015-2975 | 1 Research-artisan | 1 Research Artisan Lite | 2025-04-12 | N/A |
| Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote attackers to perform unspecified actions via unknown vectors. | ||||
| CVE-2015-2976 | 1 Research-artisan | 1 Research Artisan Lite | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis. | ||||
| CVE-2015-2977 | 1 Webservice-dic | 1 Yoyaku | 2025-04-12 | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | ||||
| CVE-2015-2978 | 1 Webservice-dic | 1 Yoyaku | 2025-04-12 | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | ||||
| CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2025-04-12 | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-2980 | 1 Yodobashi | 1 Yodobashi | 2025-04-12 | N/A |
| The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document. | ||||
| CVE-2015-2982 | 1 Php Kobo | 1 Photo Gallery Cms Free | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php. | ||||
| CVE-2015-2983 | 1 Php Kobo | 1 Photo Gallery Cms Free | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-2984 | 1 Iodata | 2 Wn-g54\/r2, Wn-g54\/r2 Firmware | 2025-04-12 | N/A |
| I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | ||||
| CVE-2015-2985 | 1 Guide-park | 1 Bbs X102 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-2986 | 1 Rakuto | 1 Rktsns2 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-2987 | 1 Type74 | 1 Ed | 2025-04-12 | N/A |
| Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits. | ||||
| CVE-2015-2989 | 1 Lemon-s Php | 1 Twit Bbs | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter. | ||||
| CVE-2015-2993 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. | ||||
| CVE-2015-2994 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. | ||||
| CVE-2015-2995 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. | ||||
| CVE-2015-2996 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. | ||||
| CVE-2015-2997 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message. | ||||