Export limit exceeded: 365367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365367 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1455 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-1456 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
CVE-2015-1458 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
CVE-2015-1459 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
CVE-2015-1460 1 Huawei 10 Quidway Firmware, Quidway S2350, Quidway S2750 and 7 more 2025-04-12 N/A
Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet.
CVE-2015-1461 2 Clamav, Fedoraproject 2 Clamav, Fedora 2025-04-12 N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
CVE-2015-1462 2 Clamav, Fedoraproject 2 Clamav, Fedora 2025-04-12 N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
CVE-2015-1463 2 Clamav, Fedoraproject 2 Clamav, Fedora 2025-04-12 N/A
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
CVE-2015-1464 2 Bestpractical, Fedoraproject 2 Request Tracker, Fedora 2025-04-12 N/A
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVE-2015-1465 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 N/A
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.
CVE-2015-1467 1 Fork-cms 1 Fork Cms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
CVE-2015-1469 1 Servision 2 Hvg400, Hvg Video Gateway Firmware 2025-04-12 N/A
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930.
CVE-2015-1471 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-12 N/A
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
CVE-2015-1472 3 Canonical, Gnu, Redhat 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more 2025-04-12 N/A
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
CVE-2015-1473 3 Canonical, Gnu, Redhat 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more 2025-04-12 N/A
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
CVE-2015-1474 1 Google 1 Android 2025-04-12 N/A
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
CVE-2015-1475 1 Mylittleforum 1 My Little Forum 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php.
CVE-2015-1476 1 Ecommercemajor Project 1 Ecommercemajor 2025-04-12 N/A
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
CVE-2015-1477 1 Cmsjunkie 1 J-classifiedsmanager 2025-04-12 N/A
SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.
CVE-2015-1478 1 Cmsjunkie 1 J-classifiedsmanager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.