# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
34951 | CVE-2015-5482 | 22 | | Dir. Trav. | 2015-08-18 | 2016-12-21 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. |
34952 | CVE-2015-5481 | 79 | | XSS | 2015-08-18 | 2016-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. |
34953 | CVE-2015-5479 | 189 | | DoS | 2016-04-19 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. |
34954 | CVE-2015-5475 | 79 | | XSS | 2015-08-14 | 2016-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages. |
34955 | CVE-2015-5471 | 22 | | Dir. Trav. | 2016-01-12 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. |
34956 | CVE-2015-5469 | 22 | | Dir. Trav. | 2017-05-23 | 2017-05-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. |
34957 | CVE-2015-5468 | 22 | | Dir. Trav. | 2017-05-23 | 2017-06-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php. |
34958 | CVE-2015-5464 | 284 | | Bypass | 2015-07-22 | 2016-03-31 | 1.3 | None | Local | Medium | Multiple systems | Partial | None | None |
The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition. |
34959 | CVE-2015-5462 | 74 | | | 2019-04-03 | 2019-04-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. |
34960 | CVE-2015-5461 | | | | 2015-07-08 | 2016-12-07 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
34961 | CVE-2015-5460 | 79 | | XSS | 2015-07-08 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification. |
34962 | CVE-2015-5459 | 89 | | Exec Code Sql | 2015-07-08 | 2016-12-07 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. |
34963 | CVE-2015-5458 | | | | 2015-07-08 | 2018-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. |
34964 | CVE-2015-5456 | 79 | | XSS | 2015-07-08 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions. |
34965 | CVE-2015-5455 | 79 | | XSS | 2015-07-08 | 2015-07-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/. |
34966 | CVE-2015-5454 | 79 | | XSS | 2015-07-08 | 2018-12-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. |
34967 | CVE-2015-5453 | 77 | | Exec Code | 2015-07-08 | 2016-11-28 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. |
34968 | CVE-2015-5451 | 352 | | CSRF | 2015-11-22 | 2016-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
34969 | CVE-2015-5448 | 200 | | +Info | 2015-10-25 | 2016-12-23 | 2.1 | None | Local | Low | Not required | Partial | None | None |
HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. |
34970 | CVE-2015-5447 | 79 | | XSS | 2016-01-05 | 2016-12-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
34971 | CVE-2015-5446 | | | Exec Code | 2016-01-05 | 2016-12-07 | 5.8 | None | Local Network | High | Not required | Partial | Partial | Complete |
HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors. |
34972 | CVE-2015-5445 | 352 | | CSRF | 2016-01-05 | 2016-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
34973 | CVE-2015-5443 | 200 | | +Info | 2015-10-12 | 2015-10-13 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. |
34974 | CVE-2015-5442 | | | +Priv | 2015-09-29 | 2016-12-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. |
34975 | CVE-2015-5441 | 79 | | XSS | 2015-11-11 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
34976 | CVE-2015-5440 | 200 | | +Info | 2015-09-16 | 2016-12-21 | 4.9 | None | Local | Low | Not required | Complete | None | None |
HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. |
34977 | CVE-2015-5435 | | | DoS | 2015-09-29 | 2016-12-23 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. |
34978 | CVE-2015-5434 | 264 | | DoS Bypass | 2016-01-05 | 2016-11-28 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." |
34979 | CVE-2015-5433 | | | +Info | 2015-08-26 | 2015-08-27 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors. |
34980 | CVE-2015-5431 | | | +Info | 2015-08-26 | 2015-08-27 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. |
34981 | CVE-2015-5430 | 200 | | +Info | 2015-08-26 | 2015-08-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. |
34982 | CVE-2015-5426 | | | +Priv | 2015-09-15 | 2016-12-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. |
34983 | CVE-2015-5413 | 264 | | +Priv +Info | 2015-08-26 | 2016-12-21 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. |
34984 | CVE-2015-5412 | 352 | | CSRF | 2015-08-26 | 2016-12-21 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
34985 | CVE-2015-5411 | 200 | | +Info | 2015-08-26 | 2016-12-21 | 6.8 | None | Remote | Low | Single system | Complete | None | None |
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
34986 | CVE-2015-5410 | | | DoS Exec Code | 2015-08-26 | 2016-12-21 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. |
34987 | CVE-2015-5408 | | | +Info | 2015-08-22 | 2016-11-28 | 6.0 | None | Local | High | Single system | Complete | Complete | Complete |
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407. |
34988 | CVE-2015-5407 | | | +Info | 2015-08-22 | 2016-11-28 | 6.0 | None | Local | High | Single system | Complete | Complete | Complete |
HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408. |
34989 | CVE-2015-5405 | | | DoS +Info | 2015-08-26 | 2015-08-27 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. |
34990 | CVE-2015-5403 | 200 | | +Info | 2015-08-26 | 2015-08-27 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139. |
34991 | CVE-2015-5401 | 20 | | DoS | 2017-05-23 | 2017-06-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. |
34992 | CVE-2015-5400 | 264 | | Bypass | 2015-09-28 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. |
34993 | CVE-2015-5399 | 79 | | XSS | 2016-08-26 | 2016-08-29 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. |
34994 | CVE-2015-5397 | 352 | | CSRF | 2015-07-14 | 2016-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. |
34995 | CVE-2015-5395 | 352 | | CSRF | 2017-09-20 | 2017-09-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. |
34996 | CVE-2015-5384 | 384 | | | 2019-04-03 | 2019-04-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack. |
34997 | CVE-2015-5383 | 200 | | +Info | 2017-05-23 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. |
34998 | CVE-2015-5382 | 200 | | +Info | 2017-05-23 | 2018-10-30 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. |
34999 | CVE-2015-5381 | 79 | | XSS | 2017-05-23 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. |
35000 | CVE-2015-5379 | 79 | | XSS | 2017-10-23 | 2018-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment. |