Export limit exceeded: 365269 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365269 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1000007 1 Wptf-image-gallery Project 1 Wptf-image-gallery 2025-04-12 N/A
Remote file download vulnerability in wptf-image-gallery v1.03
CVE-2015-1000008 1 Mp3-jplayer Project 1 Mp3-jplayer 2025-04-12 N/A
Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2
CVE-2015-1000009 1 Google-adsense-and-hotel-booking Project 1 Google-adsense-and-hotel-booking 2025-04-12 N/A
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
CVE-2015-1000010 1 Simple-image-manipulator Project 1 Simple-image-manipulator 2025-04-12 N/A
Remote file download in simple-image-manipulator v1.0 wordpress plugin
CVE-2015-1000011 1 Dukapress Project 1 Dukapress 2025-04-12 N/A
Blind SQL Injection in wordpress plugin dukapress v2.5.9
CVE-2015-1000012 1 Mypixs Project 1 Mypixs 2025-04-12 N/A
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin
CVE-2015-1000013 1 Csv2wpec-coupon Project 1 Csv2wpec-coupon 2025-04-12 N/A
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1
CVE-2015-1001 1 Ininet Solutions 1 Scada Web Server 2025-04-12 N/A
Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.
CVE-2015-1005 1 Ininet Solutions 1 Scada Web Server 2025-04-12 N/A
IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
CVE-2015-1002 1 Ininet Solutions 1 Scada Web Server 2025-04-12 N/A
IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.
CVE-2015-1011 1 Hospira 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware 2025-04-12 N/A
Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-1003 1 Ininet Solutions 1 Scada Web Server 2025-04-12 N/A
Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname.
CVE-2015-1039 1 Zfcuser Project 1 Zfcuser 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.
CVE-2015-1057 1 E107 1 E107 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
CVE-2015-1028 1 Dlink 2 Dsl-2730b, Dsl-2730b Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
CVE-2015-1029 1 Puppet 2 Puppet Enterprise, Stdlib 2025-04-12 N/A
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
CVE-2015-1030 1 Privoxy 1 Privoxy 2025-04-12 N/A
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.
CVE-2015-1066 1 Apple 1 Mac Os X 2025-04-12 N/A
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-1009 2 Indusoft, Wonderware 2 Web Studio, Intouch 2025-04-12 N/A
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
CVE-2015-1031 1 Privoxy 1 Privoxy 2025-04-12 N/A
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.