CVE-2015-2790 CVSS:4.3
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. (Last Update:2016-12-02) (Publish Update:2015-03-30)
CVE-2015-2789 CVSS:4.4
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. (Last Update:2016-12-02) (Publish Update:2015-03-30)
CVE-2015-2701 CVSS:6.8
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. (Last Update:2016-12-02) (Publish Update:2015-03-25)
CVE-2015-2680 CVSS:6.8
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. (Last Update:2016-12-02) (Publish Update:2015-03-23)
CVE-2015-2679 CVSS:7.5
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. (Last Update:2016-12-02) (Publish Update:2015-03-23)
CVE-2015-2678 CVSS:4.3
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. (Last Update:2016-12-02) (Publish Update:2015-03-23)
CVE-2015-2564 CVSS:6.5
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. (Last Update:2015-03-23) (Publish Update:2015-03-20)
CVE-2015-2275 CVSS:4.3
Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. (Last Update:2016-12-02) (Publish Update:2015-03-12)
CVE-2015-2218 CVSS:4.3
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (Last Update:2016-12-02) (Publish Update:2015-03-05)
CVE-2015-2216 CVSS:7.5
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. (Last Update:2016-12-02) (Publish Update:2015-03-05)
This vulnerability list widget is provided by www.cvedetails.com