Export limit exceeded: 366282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2183 | 1 Zeuscart | 1 Zeuscart | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. | ||||
| CVE-2015-2184 | 1 Ajsquare | 1 Zeuscart | 2025-04-12 | N/A |
| ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. | ||||
| CVE-2015-2187 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-12 | N/A |
| The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. | ||||
| CVE-2015-2189 | 6 Debian, Mageia, Opensuse and 3 more | 7 Debian Linux, Mageia, Opensuse and 4 more | 2025-04-12 | N/A |
| Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. | ||||
| CVE-2015-2190 | 3 Opensuse, Oracle, Wireshark | 3 Opensuse, Solaris, Wireshark | 2025-04-12 | N/A |
| epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. | ||||
| CVE-2015-2191 | 5 Debian, Mageia, Opensuse and 2 more | 5 Debian Linux, Mageia, Opensuse and 2 more | 2025-04-12 | N/A |
| Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | ||||
| CVE-2015-2192 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-12 | N/A |
| Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | ||||
| CVE-2015-2194 | 1 Digitalnature | 1 Fusion | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. | ||||
| CVE-2015-2195 | 1 Wp Media Cleaner Project | 1 Wp Media Cleaner | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php. | ||||
| CVE-2015-2196 | 1 Web-dorado | 1 Spider Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. | ||||
| CVE-2015-2197 | 1 Entity Api Project | 1 Entity Api | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. | ||||
| CVE-2015-2199 | 1 Wonderplugin | 1 Audio Player | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | ||||
| CVE-2015-2206 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2025-04-12 | N/A |
| libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | ||||
| CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2025-04-12 | N/A |
| The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | ||||
| CVE-2015-2209 | 1 Dlguard | 1 Dlguard | 2025-04-12 | N/A |
| DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | ||||
| CVE-2015-2213 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | ||||
| CVE-2015-2214 | 1 Netcat | 1 Netcat | 2025-04-12 | N/A |
| NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | ||||
| CVE-2015-2215 | 1 Services Single Sign-on Server Helper Project | 1 Services Single Sign-on Server Helper | 2025-04-12 | N/A |
| Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | ||||
| CVE-2015-2216 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | N/A |
| SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | ||||
| CVE-2015-2217 | 1 Myupb | 1 Ultimate Php Board | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. | ||||