Latest security vulnerabilities ,with exploits, (Denial Of Service,Execute Code,Overflow,CSRF,File Inclusion,Gain Privilege,SQL Injection,Cross Site Scripting (XSS),Directory Traversal,Memory Corruption,Http Response Splitting,Bypass,Gain Information)

CVE-2015-2790 CVSS:4.3

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. (Last Update:2015-07-02) (Publish Update:2015-03-30)

CVE-2015-2789 CVSS:4.4

Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. (Last Update:2015-03-31) (Publish Update:2015-03-30)

CVE-2015-2701 CVSS:6.8

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. (Last Update:2015-03-26) (Publish Update:2015-03-25)

CVE-2015-2680 CVSS:6.8

Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. (Last Update:2015-03-24) (Publish Update:2015-03-23)

CVE-2015-2679 CVSS:7.5

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. (Last Update:2015-03-24) (Publish Update:2015-03-23)

CVE-2015-2678 CVSS:4.3

Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. (Last Update:2015-03-24) (Publish Update:2015-03-23)

CVE-2015-2564 CVSS:6.5

SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. (Last Update:2015-03-23) (Publish Update:2015-03-20)

CVE-2015-2275 CVSS:4.3

Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. (Last Update:2015-03-25) (Publish Update:2015-03-12)

CVE-2015-2218 CVSS:4.3

Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (Last Update:2015-03-05) (Publish Update:2015-03-05)

CVE-2015-2216 CVSS:7.5

SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. (Last Update:2015-03-18) (Publish Update:2015-03-05)

Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com