Export limit exceeded: 365299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0902 | 1 Semperfiwebdesign | 1 All In One Seo Pack | 2025-04-12 | N/A |
| The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code. | ||||
| CVE-2015-0903 | 1 Hidemaru | 1 Editor | 2025-04-12 | N/A |
| Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | ||||
| CVE-2015-0905 | 1 Bblog Project | 1 Bblog | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-0906 | 1 Lhaplus | 1 Lhaplus | 2025-04-12 | N/A |
| Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | ||||
| CVE-2015-0907 | 1 Lhaplus | 1 Lhaplus | 2025-04-12 | N/A |
| Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. | ||||
| CVE-2015-0901 | 1 Flashy Project | 1 Flashy | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-0910 | 1 Dounokouno | 1 Transmitmail | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename. | ||||
| CVE-2015-0911 | 1 Dounokouno | 1 Transmitmail | 2025-04-12 | N/A |
| Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | ||||
| CVE-2015-0912 | 1 Kozos | 1 Easyctf | 2025-04-12 | N/A |
| EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. | ||||
| CVE-2015-0913 | 1 Kozos | 1 Easyctf | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-0914 | 1 Kozos | 1 Easyctf | 2025-04-12 | N/A |
| EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. | ||||
| CVE-2015-0915 | 1 Rakus | 1 Maildealer | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. | ||||
| CVE-2015-0916 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | ||||
| CVE-2015-0917 | 1 Kajona | 1 Kajona | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | ||||
| CVE-2015-0918 | 1 Sefrengo | 1 Sefrengo | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. | ||||
| CVE-2015-0919 | 1 Sefrengo | 1 Sefrengo | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | ||||
| CVE-2015-0920 | 1 Banner Effect Header Project | 1 Banner Effect Header | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. | ||||
| CVE-2015-0921 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. | ||||
| CVE-2015-0922 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
| McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. | ||||
| CVE-2015-0923 | 1 Ektron | 1 Ektron Content Management System | 2025-04-12 | N/A |
| The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue. | ||||