CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-5610 200 +Info 2015-07-21 2015-07-22
4.0
None Remote Low Single system Partial None None
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
2 CVE-2015-5529 79 XSS 2015-07-16 2015-07-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
3 CVE-2015-5528 79 XSS 2015-07-16 2015-07-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php.
4 CVE-2015-5521 79 XSS 2015-07-14 2015-07-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.
5 CVE-2015-5520 79 XSS 2015-07-14 2015-07-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.
6 CVE-2015-5519 79 XSS 2015-07-14 2015-07-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php.
7 CVE-2015-5460 79 XSS 2015-07-08 2015-07-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification.
8 CVE-2015-5456 79 XSS 2015-07-08 2015-07-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.
9 CVE-2015-5455 79 XSS 2015-07-08 2015-07-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.
10 CVE-2015-5454 79 XSS 2015-07-08 2015-07-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Nucleus CMS 3.65 allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.
11 CVE-2015-5356 79 XSS 2015-07-01 2015-07-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
12 CVE-2015-5355 79 XSS 2015-07-01 2015-07-02
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.
13 CVE-2015-5151 79 XSS 2015-06-30 2015-07-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.
14 CVE-2015-5144 20 Http R.Spl. 2015-07-14 2015-07-15
4.3
None Remote Medium Not required None Partial None
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
15 CVE-2015-5066 79 XSS 2015-06-24 2015-06-24
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
16 CVE-2015-5064 79 XSS 2015-06-24 2015-06-24
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php.
17 CVE-2015-5063 79 XSS 2015-06-24 2015-06-24
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
18 CVE-2015-4773 2015-07-16 2015-07-20
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in the Hyperion Common Security component in Oracle Hyperion 11.1.2.2, 11.1.2.3, and 11.1.2.4 allows remote authenticated users to affect availability via unknown vectors related to User Account Update.
19 CVE-2015-4772 2015-07-16 2015-07-17
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
20 CVE-2015-4770 2015-07-16 2015-07-20
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem.
21 CVE-2015-4768 2015-07-16 2015-07-20
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Diagnostics.
22 CVE-2015-4756 2015-07-16 2015-07-17
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
23 CVE-2015-4752 2015-07-16 2015-07-17
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
24 CVE-2015-4749 2015-07-16 2015-07-20
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
25 CVE-2015-4746 2015-07-16 2015-07-21
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0.0.7, 6.1.0.3, 6.1.1.5, and 6.2.0.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Global Spec Management.
26 CVE-2015-4743 2015-07-16 2015-07-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to AD Utilities.
27 CVE-2015-4738 2015-07-16 2015-07-20
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
28 CVE-2015-4729 2015-07-16 2015-07-20
4.0
None Remote High Not required Partial Partial None
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
29 CVE-2015-4728 2015-07-16 2015-07-16
4.0
None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Sourcing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Bid/Quote creation.
30 CVE-2015-4725 79 XSS 2015-06-23 2015-06-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
31 CVE-2015-4714 79 XSS 2015-06-22 2015-06-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.
32 CVE-2015-4696 DoS 2015-07-01 2015-07-02
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
33 CVE-2015-4692 DoS 2015-07-27 2015-07-27
4.9
None Local Low Not required None None Complete
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
34 CVE-2015-4679 79 XSS 2015-06-19 2015-06-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.
35 CVE-2015-4661 79 XSS 2015-06-18 2015-06-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.
36 CVE-2015-4660 79 XSS 2015-06-18 2015-06-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.
37 CVE-2015-4657 79 XSS 2015-06-18 2015-06-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL.
38 CVE-2015-4656 79 XSS 2015-06-18 2015-06-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.
39 CVE-2015-4655 79 XSS 2015-06-18 2015-06-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
40 CVE-2015-4652 20 DoS 2015-07-21 2015-07-22
4.3
None Remote Medium Not required None None Partial
epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.
41 CVE-2015-4637 17 2015-07-16 2015-07-21
4.3
None Remote Medium Not required Partial None None
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.
42 CVE-2015-4587 79 XSS 2015-06-18 2015-06-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu.
43 CVE-2015-4559 79 XSS 2015-06-15 2015-07-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
44 CVE-2015-4550 310 2015-06-17 2015-07-14
4.3
None Remote Medium Not required None Partial None
The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.
45 CVE-2015-4471 189 DoS 2015-06-11 2015-06-11
4.3
None Remote Medium Not required None None Partial
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
46 CVE-2015-4470 189 DoS 2015-06-11 2015-06-11
4.3
None Remote Medium Not required None None Partial
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
47 CVE-2015-4469 119 DoS Overflow 2015-06-11 2015-06-11
4.3
None Remote Medium Not required None None Partial
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
48 CVE-2015-4468 189 DoS Overflow 2015-06-11 2015-06-11
4.3
None Remote Medium Not required None None Partial
Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
49 CVE-2015-4467 189 DoS 2015-06-11 2015-06-11
4.3
None Remote Medium Not required None None Partial
The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.
50 CVE-2015-4465 79 XSS 2015-06-10 2015-06-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.