CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2015-6507 DoS Mem. Corr. 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2140700.
52 CVE-2015-7266 2018-10-30 2018-10-30
0.0
None ??? ??? ??? ??? ??? ???
The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug.
53 CVE-2015-7725 Exec Code Sql 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.
54 CVE-2015-7726 XSS 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script or HTML via the role name, aka SAP Security Note 2153898.
55 CVE-2015-7727 Exec Code Sql 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
56 CVE-2015-7728 XSS 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
57 CVE-2015-7729 Exec Code 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.
58 CVE-2015-7730 DoS 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
59 CVE-2015-7838 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.
60 CVE-2015-7839 Exec Code 2015-10-15 2015-10-15
0.0
None ??? ??? ??? ??? ??? ???
SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.
61 CVE-2015-9278 2019-01-16 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
62 CVE-2015-9457 Sql 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
63 CVE-2015-9460 Sql 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
64 CVE-2015-9462 Sql 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
65 CVE-2015-9463 Dir. Trav. 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
66 CVE-2015-9464 Dir. Trav. 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
67 CVE-2015-9465 Sql 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
68 CVE-2015-9466 Sql 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
69 CVE-2015-9469 XSS 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
70 CVE-2015-9470 Dir. Trav. 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
71 CVE-2015-9471 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
72 CVE-2015-9472 XSS 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
73 CVE-2015-9473 Dir. Trav. 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.
74 CVE-2015-9474 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
75 CVE-2015-9475 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
76 CVE-2015-9476 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
77 CVE-2015-9477 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
78 CVE-2015-9478 XSS 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
79 CVE-2015-9479 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.
80 CVE-2015-9480 Dir. Trav. 2019-10-10 2019-10-10
0.0
None ??? ??? ??? ??? ??? ???
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
81 CVE-2015-9481 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
82 CVE-2015-9482 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
83 CVE-2015-9483 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
84 CVE-2015-9484 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
85 CVE-2015-9485 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
86 CVE-2015-9486 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
87 CVE-2015-9487 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
88 CVE-2015-9488 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
89 CVE-2015-9489 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
90 CVE-2015-9490 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
91 CVE-2015-9491 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
92 CVE-2015-9492 +Info 2019-10-11 2019-10-11
0.0
None ??? ??? ??? ??? ??? ???
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
93 CVE-2016-0260 DoS 2016-06-28 2016-06-28
0.0
None ??? ??? ??? ??? ??? ???
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.
94 CVE-2016-10545 Exec Code 2018-07-05 2018-07-05
0.0
None ??? ??? ??? ??? ??? ???
thor ruby gem suffers from a command injection vulnerability due to the use of `open-uri`'s open() as used in Thor::Actions#get, allowing for execution of system commands.
95 CVE-2017-1298 DoS 2017-04-28 2017-04-28
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerability has been discovered in 40-GbE network interface modules for IBM Security Network Protection XGS 7100 appliance. IBM X-Force ID: 125160.
96 CVE-2017-5716 DoS Exec Code Overflow 2017-09-05 2017-09-05
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in ConnMan Project connection manager daemon version 1.34 and earlier allows a remote attacker to conduct a denial of service and remote code execution via malformed DNS packets.
97 CVE-2017-7286 Overflow 2017-04-10 2017-04-12
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS mishandles a series of mmap system calls for /dev/zero with different starting addresses, with a stated impact of "allowing for a local user to possibly gain root access," aka an "inode integer overflow."
98 CVE-2017-7319 2017-04-10 2017-04-10
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS allows any user to send a SIGIO signal to any process. If the process does not catch or ignore the signal, it will exit.
99 CVE-2017-7516 Bypass 2018-01-29 2018-01-29
0.0
None ??? ??? ??? ??? ??? ???
It was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory.
100 CVE-2017-7874 Exec Code 2017-04-15 2017-04-18
0.0
None ??? ??? ??? ??? ??? ???
udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value.
Total number of vulnerabilities: 994 (this is page 2)