Export limit exceeded: 365419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365419 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1487 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | ||||
| CVE-2015-1488 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | ||||
| CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2015-1490 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | ||||
| CVE-2015-1491 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-1492 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | ||||
| CVE-2015-1493 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. | ||||
| CVE-2015-1759 | 1 Microsoft | 1 Office Compatibility Pack | 2025-04-12 | N/A |
| Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| CVE-2015-1494 | 1 Colorlib | 1 Fancybox | 2025-04-12 | N/A |
| The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015. | ||||
| CVE-2015-1495 | 1 Motorola | 1 Motorola Scanner Sdk | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | ||||
| CVE-2015-1496 | 1 Motorola | 1 Motorola Scanner Sdk | 2025-04-12 | N/A |
| Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-1497 | 1 Persistent Systems | 1 Radia Client Automation | 2025-04-12 | N/A |
| radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | ||||
| CVE-2015-1498 | 1 Persistent Systems | 1 Radia Client Automation | 2025-04-12 | N/A |
| Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact. | ||||
| CVE-2015-1499 | 1 Samsung | 1 Samsung Security Manager | 2025-04-12 | N/A |
| The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | ||||
| CVE-2015-1500 | 1 Solarwinds | 1 Server And Application Monitor | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. | ||||
| CVE-2015-1501 | 1 Solarwinds | 1 Server And Application Monitor | 2025-04-12 | N/A |
| The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary. | ||||
| CVE-2015-1512 | 1 Fancyfon | 1 Famoc | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php. | ||||
| CVE-2015-1513 | 1 Siphon | 1 Siphone Enterprise Pbx | 2025-04-12 | N/A |
| SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | ||||
| CVE-2015-1514 | 1 Fancyfon | 1 Famoc | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php. | ||||
| CVE-2015-1515 | 1 Softsphere | 1 Defensewall Personal Firewall | 2025-04-12 | N/A |
| The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | ||||