Security Vulnerabilities, CVEs, Published In May 2015 CVSS score >= 7
CVE-2015-4133
Public exploit
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the uploads/ directory.
Max CVSS
7.5
EPSS Score
85.69%
Published
2015-05-28
Updated
2016-11-28
CVE-2015-3306
Public exploit
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Max CVSS
10.0
EPSS Score
97.19%
Published
2015-05-18
Updated
2021-05-26
CVE-2015-3090
Public exploit
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.
Max CVSS
10.0
EPSS Score
97.38%
Published
2015-05-13
Updated
2017-01-03
CVE-2015-2845
Public exploit
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
Max CVSS
10.0
EPSS Score
7.92%
Published
2015-05-12
Updated
2018-10-09
CVE-2015-2843
Public exploit
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
Max CVSS
7.5
EPSS Score
1.81%
Published
2015-05-12
Updated
2018-10-09
CVE-2015-2219
Public exploit
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
Max CVSS
7.2
EPSS Score
0.09%
Published
2015-05-12
Updated
2016-12-03
CVE-2014-9727
Public exploit
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
Max CVSS
10.0
EPSS Score
95.70%
Published
2015-05-29
Updated
2018-08-13
CVE-2014-8361
Known exploited
Public exploit
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Max CVSS
10.0
EPSS Score
96.86%
Published
2015-05-01
Updated
2023-09-05
CISA KEV Added
2023-09-18
8 vulnerabilities found