Search Results (79184 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7507 | 1 Netsurf-browser | 1 Libnsbmp | 2024-11-21 | 7.5 High |
| libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function. | ||||
| CVE-2015-7505 | 1 Netsurf-browser | 1 Libnsgif | 2024-11-21 | 8.8 High |
| Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file. | ||||
| CVE-2015-7342 | 1 Joobi | 1 Jnews | 2024-11-21 | 7.2 High |
| JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | ||||
| CVE-2015-7341 | 1 Joobi | 1 Jnews | 2024-11-21 | 8.8 High |
| JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | ||||
| CVE-2015-7340 | 1 Gwesystems | 1 Jevents | 2024-11-21 | 7.2 High |
| JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. | ||||
| CVE-2015-7339 | 1 Widgetfactorylimited | 1 Jce | 2024-11-21 | 8.8 High |
| JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. | ||||
| CVE-2015-7338 | 1 Acyba | 1 Acymailing | 2024-11-21 | 7.2 High |
| SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. | ||||
| CVE-2015-7336 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.5 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. | ||||
| CVE-2015-7335 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.0 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-7334 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-7333 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-6926 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 7.5 High |
| The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | ||||
| CVE-2015-6589 | 1 Kaseya | 1 Virtual System Administrator | 2024-11-21 | 8.8 High |
| Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | ||||
| CVE-2015-6497 | 2 Magento, Php | 2 Magento, Php | 2024-11-21 | 8.8 High |
| The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | ||||
| CVE-2015-6495 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 7.5 High |
| Diagnostic Support Bundles in Cloudera Manager before 5.4.6 contain sensitive information. | ||||
| CVE-2015-6000 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
| Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. | ||||
| CVE-2015-5686 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 8.8 High |
| Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | ||||
| CVE-2015-5591 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 7.2 High |
| SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands. | ||||
| CVE-2015-5483 | 1 Private Only Project | 1 Private Only | 2024-11-21 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php. | ||||
| CVE-2015-5466 | 1 Sis | 1 Xgi Vga Display Manager | 2024-11-21 | 7.8 High |
| Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call. | ||||