Search Results (26990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-9466 1 Webtechideas 1 Wti Like Post 2024-11-21 9.8 Critical
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
CVE-2015-9451 1 Sizmic 1 Plugmatter Optin Feature Box 2024-11-21 9.8 Critical
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
CVE-2015-9450 1 Sizmic 1 Plugmatter Optin Feature Box 2024-11-21 9.8 Critical
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
CVE-2015-9435 1 Dash10 1 Oauth Server 2024-11-21 9.8 Critical
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
CVE-2015-9333 1 Cformsii Project 1 Cformsii 2024-11-21 9.8 Critical
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
CVE-2015-9323 1 Duckdev 1 404 To 301 2024-11-21 9.8 Critical
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CVE-2015-9298 1 Pixelite 1 Events Manager 2024-11-21 9.8 Critical
The events-manager plugin before 5.6 for WordPress has code injection.
CVE-2015-9280 1 Mailenable 1 Mailenable 2024-11-21 10.0 Critical
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
CVE-2015-9244 1 Mysqljs 1 Mysql 2024-11-21 9.8 Critical
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
CVE-2015-8980 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more 4 Fedora, Leap, Php-gettext and 1 more 2024-11-21 9.8 Critical
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVE-2015-8546 2 Google, Samsung 5 Android, Galaxy Note5, Galaxy S6 and 2 more 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).
CVE-2015-8367 1 Libraw 1 Libraw 2024-11-21 9.8 Critical
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
CVE-2015-8366 1 Libraw 1 Libraw 2024-11-21 9.8 Critical
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
CVE-2015-8031 1 Eclipse 1 Hudson 2024-11-21 9.8 Critical
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.
CVE-2015-8011 4 Debian, Fedoraproject, Lldpd Project and 1 more 8 Debian Linux, Fedora, Lldpd and 5 more 2024-11-21 9.8 Critical
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
CVE-2015-7874 1 Portapps 1 Kitty Portable 2024-11-21 9.8 Critical
Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.
CVE-2015-7567 1 Yeager 1 Yeager Cms 2024-11-21 9.8 Critical
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
CVE-2015-6970 1 Boschsecurity 2 Nbn-498 Dinion2x Day\/night Ip Cameras, Nbn-498 Dinion2x Day\/night Ip Cameras Firmware 2024-11-21 9.8 Critical
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
CVE-2015-6922 1 Kaseya 1 Virtual System Administrator 2024-11-21 9.8 Critical
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.
CVE-2015-5952 1 Thomsonreuters 1 Fatca 2024-11-21 9.8 Critical
Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.