Export limit exceeded: 365312 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365312 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1000004 | 1 Filedownload Project | 1 Filedownload | 2025-04-12 | N/A |
| XSS in filedownload v1.4 wordpress plugin | ||||
| CVE-2015-1000005 | 1 Candidate-application-form Project | 1 Candidate-application-form | 2025-04-12 | N/A |
| Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | ||||
| CVE-2015-1000006 | 1 Recent-backups Project | 1 Recent-backups | 2025-04-12 | N/A |
| Remote file download vulnerability in recent-backups v0.7 wordpress plugin | ||||
| CVE-2015-1000007 | 1 Wptf-image-gallery Project | 1 Wptf-image-gallery | 2025-04-12 | N/A |
| Remote file download vulnerability in wptf-image-gallery v1.03 | ||||
| CVE-2015-1000008 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2025-04-12 | N/A |
| Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | ||||
| CVE-2015-1000009 | 1 Google-adsense-and-hotel-booking Project | 1 Google-adsense-and-hotel-booking | 2025-04-12 | N/A |
| Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | ||||
| CVE-2015-1000010 | 1 Simple-image-manipulator Project | 1 Simple-image-manipulator | 2025-04-12 | N/A |
| Remote file download in simple-image-manipulator v1.0 wordpress plugin | ||||
| CVE-2015-1000011 | 1 Dukapress Project | 1 Dukapress | 2025-04-12 | N/A |
| Blind SQL Injection in wordpress plugin dukapress v2.5.9 | ||||
| CVE-2015-1000012 | 1 Mypixs Project | 1 Mypixs | 2025-04-12 | N/A |
| Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | ||||
| CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2025-04-12 | N/A |
| Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | ||||
| CVE-2015-1001 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request. | ||||
| CVE-2015-1005 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | N/A |
| IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-1002 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | N/A |
| IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. | ||||
| CVE-2015-1011 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2025-04-12 | N/A |
| Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-1003 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | N/A |
| Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | ||||
| CVE-2015-1039 | 1 Zfcuser Project | 1 Zfcuser | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | ||||
| CVE-2015-1057 | 1 E107 | 1 E107 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. | ||||
| CVE-2015-1028 | 1 Dlink | 2 Dsl-2730b, Dsl-2730b Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). | ||||
| CVE-2015-1029 | 1 Puppet | 2 Puppet Enterprise, Stdlib | 2025-04-12 | N/A |
| The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. | ||||
| CVE-2015-1030 | 1 Privoxy | 1 Privoxy | 2025-04-12 | N/A |
| Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. | ||||