Total
3865 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2024-08-06 | N/A |
| The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | ||||
| CVE-2015-5242 | 1 Redhat | 2 Gluster Storage, Storage | 2024-08-06 | N/A |
| OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). | ||||
| CVE-2015-5243 | 1 Phpwhois Project | 1 Phpwhois | 2024-08-06 | N/A |
| phpWhois allows remote attackers to execute arbitrary code via a crafted whois record. | ||||
| CVE-2015-4726 | 1 Audiosharescript | 1 Audioshare | 2024-08-06 | N/A |
| PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter. | ||||
| CVE-2015-4338 | 1 Xcloner | 1 Xcloner | 2024-08-06 | N/A |
| Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php. | ||||
| CVE-2015-3640 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2024-08-06 | N/A |
| phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | ||||
| CVE-2015-3638 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2024-08-06 | N/A |
| phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | ||||
| CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2024-08-06 | N/A |
| The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | ||||
| CVE-2015-3173 | 1 Custom Content Type Manager Project | 1 Custom Content Type Manager | 2024-08-06 | 7.2 High |
| custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution. | ||||
| CVE-2015-2945 | 1 H-fj | 1 Mt-phpincgi | 2024-08-06 | N/A |
| mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015. | ||||
| CVE-2015-2308 | 1 Sensiolabs | 1 Symfony | 2024-08-06 | N/A |
| Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element. | ||||
| CVE-2015-2252 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2024-08-06 | N/A |
| Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | ||||
| CVE-2015-2171 | 1 Slimframework | 1 Slim | 2024-08-06 | N/A |
| Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. | ||||
| CVE-2015-1696 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-08-06 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. | ||||
| CVE-2015-1698 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-08-06 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699. | ||||
| CVE-2015-1697 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-08-06 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699. | ||||
| CVE-2015-1645 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Server 2008 and 1 more | 2024-08-06 | N/A |
| Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability." | ||||
| CVE-2015-1675 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-08-06 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. | ||||
| CVE-2015-1695 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-08-06 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. | ||||
| CVE-2015-1699 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-08-06 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698. | ||||