| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-1424 |
352 |
1
|
CSRF |
2015-01-29 |
2017-09-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php. |
|
2 |
CVE-2015-1423 |
89 |
1
|
Exec Code Sql |
2015-01-29 |
2017-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. |
|
3 |
CVE-2015-1419 |
|
|
Bypass |
2015-01-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. |
|
4 |
CVE-2015-1375 |
264 |
1
|
|
2015-01-28 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. |
|
5 |
CVE-2015-1374 |
352 |
|
Sql XSS CSRF |
2015-01-27 |
2015-01-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks. |
|
6 |
CVE-2015-1372 |
89 |
|
Exec Code Sql |
2015-01-27 |
2015-01-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. |
|
7 |
CVE-2015-1371 |
20 |
|
Exec Code |
2015-01-27 |
2015-01-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. |
|
8 |
CVE-2015-1369 |
89 |
|
Exec Code Sql |
2015-01-27 |
2015-01-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. |
|
9 |
CVE-2015-1367 |
89 |
|
Exec Code Sql |
2015-01-27 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. |
|
10 |
CVE-2015-1365 |
22 |
1
|
Dir. Trav. |
2015-01-27 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. |
|
11 |
CVE-2015-1364 |
89 |
1
|
Exec Code Sql |
2015-01-27 |
2015-01-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/. |
|
12 |
CVE-2015-1362 |
119 |
1
|
Exec Code Overflow |
2015-01-27 |
2015-01-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. |
|
13 |
CVE-2015-1361 |
17 |
|
DoS |
2015-01-27 |
2015-02-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. |
|
14 |
CVE-2015-1360 |
119 |
|
DoS Overflow |
2015-01-27 |
2015-02-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. |
|
15 |
CVE-2015-1359 |
189 |
|
DoS Overflow |
2015-01-27 |
2015-02-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205. |
|
16 |
CVE-2015-1346 |
|
|
DoS |
2015-01-22 |
2017-09-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
|
17 |
CVE-2015-1312 |
264 |
|
+Priv +Info |
2015-01-22 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
18 |
CVE-2015-1311 |
94 |
|
|
2015-01-22 |
2018-12-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
19 |
CVE-2015-1310 |
89 |
|
Exec Code Sql |
2015-01-22 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
20 |
CVE-2015-1309 |
|
|
|
2015-01-22 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. |
|
21 |
CVE-2015-1306 |
200 |
|
+Info |
2015-01-22 |
2015-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. |
|
22 |
CVE-2015-1205 |
|
|
DoS |
2015-01-22 |
2017-01-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
|
23 |
CVE-2015-1201 |
|
|
DoS |
2015-01-20 |
2015-01-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
24 |
CVE-2015-1195 |
22 |
|
Dir. Trav. |
2015-01-21 |
2019-02-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. |
|
25 |
CVE-2015-1193 |
22 |
|
Dir. Trav. |
2015-01-21 |
2015-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. |
|
26 |
CVE-2015-1192 |
22 |
|
Dir. Trav. |
2015-01-21 |
2015-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. |
|
27 |
CVE-2015-1191 |
22 |
|
Dir. Trav. |
2015-01-21 |
2016-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. |
|
28 |
CVE-2015-1182 |
|
|
DoS Exec Code |
2015-01-27 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. |
|
29 |
CVE-2015-1060 |
|
1
|
|
2015-01-16 |
2017-09-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. |
|
30 |
CVE-2015-1059 |
94 |
1
|
Exec Code |
2015-01-16 |
2017-09-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads. |
|
31 |
CVE-2015-1055 |
89 |
|
Exec Code Sql |
2015-01-16 |
2019-07-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php. |
|
32 |
CVE-2015-1051 |
|
|
|
2015-01-15 |
2016-08-23 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. |
|
33 |
CVE-2015-1038 |
59 |
|
|
2015-01-21 |
2017-09-08 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. |
|
34 |
CVE-2015-1030 |
399 |
|
DoS |
2015-01-20 |
2015-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. |
|
35 |
CVE-2015-1029 |
264 |
|
+Priv +Info |
2015-01-16 |
2019-07-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. |
|
36 |
CVE-2015-0973 |
119 |
|
Exec Code Overflow |
2015-01-18 |
2016-10-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. |
|
37 |
CVE-2015-0925 |
94 |
|
Exec Code |
2015-01-22 |
2015-01-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname. |
|
38 |
CVE-2015-0924 |
255 |
|
|
2015-01-17 |
2017-05-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
|
Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. |
|
39 |
CVE-2015-0922 |
200 |
|
+Info |
2015-01-09 |
2017-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. |
|
40 |
CVE-2015-0920 |
352 |
|
XSS CSRF |
2015-01-08 |
2017-09-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. |
|
41 |
CVE-2015-0919 |
89 |
|
Exec Code Sql |
2015-01-08 |
2015-01-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. |
|
42 |
CVE-2015-0867 |
22 |
|
Dir. Trav. |
2015-01-21 |
2015-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. |
|
43 |
CVE-2015-0591 |
399 |
|
DoS |
2015-01-15 |
2017-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. |
|
44 |
CVE-2015-0590 |
200 |
|
+Info |
2015-01-17 |
2017-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165. |
|
45 |
CVE-2015-0588 |
352 |
|
CSRF |
2015-01-15 |
2017-09-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. |
|
46 |
CVE-2015-0586 |
399 |
|
DoS |
2015-01-28 |
2017-09-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682. |
|
47 |
CVE-2015-0583 |
200 |
|
+Info |
2015-01-14 |
2017-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. |
|
48 |
CVE-2015-0582 |
20 |
|
DoS |
2015-01-10 |
2017-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. |
|
49 |
CVE-2015-0581 |
|
|
DoS |
2015-01-28 |
2015-09-17 |
7.5 |
None |
Remote |
Low |
??? |
Complete |
None |
Partial |
|
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880. |
|
50 |
CVE-2015-0579 |
399 |
|
DoS |
2015-01-14 |
2017-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. |
