# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
41601 |
CVE-2015-9284 |
352 |
|
CSRF |
2019-04-26 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. |
41602 |
CVE-2015-9282 |
79 |
|
XSS |
2019-02-06 |
2019-06-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard. |
41603 |
CVE-2015-9281 |
79 |
|
XSS |
2019-01-16 |
2019-01-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. |
41604 |
CVE-2015-9280 |
611 |
|
|
2019-01-16 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
41605 |
CVE-2015-9279 |
79 |
|
XSS |
2019-01-16 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. |
41606 |
CVE-2015-9277 |
22 |
|
Dir. Trav. |
2019-01-16 |
2019-01-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. |
41607 |
CVE-2015-9276 |
79 |
|
XSS Bypass |
2019-01-16 |
2019-01-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. |
41608 |
CVE-2015-9275 |
22 |
|
Dir. Trav. |
2019-01-07 |
2019-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
ARC 5.21q allows directory traversal via a full pathname in an archive file. |
41609 |
CVE-2015-9274 |
125 |
|
DoS |
2018-11-15 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh. |
41610 |
CVE-2015-9273 |
79 |
|
XSS |
2018-10-07 |
2018-11-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. |
41611 |
CVE-2015-9272 |
94 |
|
Exec Code |
2018-10-05 |
2018-11-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. |
41612 |
CVE-2015-9271 |
434 |
|
Exec Code |
2018-10-04 |
2018-11-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The VideoWhisper videowhisper-video-conference-integration plugin 4.91.8 for WordPress allows remote attackers to execute arbitrary code because vc/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code, a different vulnerability than CVE-2014-1905. |
41613 |
CVE-2015-9270 |
79 |
|
XSS |
2018-10-01 |
2018-11-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. |
41614 |
CVE-2015-9269 |
200 |
|
+Info |
2018-10-01 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format. |
41615 |
CVE-2015-9268 |
20 |
|
|
2018-10-01 |
2018-12-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. |
41616 |
CVE-2015-9266 |
22 |
|
+Priv Dir. Trav. |
2018-09-05 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. |
41617 |
CVE-2015-9264 |
20 |
|
Exec Code |
2018-08-27 |
2018-11-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service. |
41618 |
CVE-2015-9263 |
434 |
|
Exec Code |
2018-08-27 |
2018-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands. |
41619 |
CVE-2015-9262 |
119 |
|
DoS Exec Code Overflow |
2018-08-01 |
2019-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. |
41620 |
CVE-2015-9261 |
476 |
|
|
2018-07-26 |
2019-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. |
41621 |
CVE-2015-9259 |
434 |
|
|
2018-03-31 |
2018-05-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. |
41622 |
CVE-2015-9258 |
310 |
|
|
2018-03-31 |
2018-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data. |
41623 |
CVE-2015-9257 |
79 |
|
XSS |
2018-03-24 |
2018-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. |
41624 |
CVE-2015-9256 |
200 |
|
+Info |
2018-02-20 |
2018-03-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. |
41625 |
CVE-2015-9255 |
200 |
|
+Info |
2018-02-20 |
2018-03-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. |
41626 |
CVE-2015-9254 |
798 |
|
|
2018-02-20 |
2018-03-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Datto ALTO and SIRIS devices have a default VNC password. |
41627 |
CVE-2015-9253 |
400 |
|
|
2018-02-19 |
2019-04-26 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. |
41628 |
CVE-2015-9252 |
399 |
|
|
2018-02-13 |
2018-05-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. |
41629 |
CVE-2015-9251 |
79 |
|
XSS |
2018-01-18 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. |
41630 |
CVE-2015-9250 |
22 |
|
Dir. Trav. |
2018-01-12 |
2018-01-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. |
41631 |
CVE-2015-9249 |
89 |
|
Sql |
2018-01-12 |
2018-01-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. |
41632 |
CVE-2015-9246 |
20 |
|
Exec Code |
2018-01-12 |
2018-01-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. |
41633 |
CVE-2015-9245 |
284 |
|
|
2017-10-31 |
2017-11-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. |
41634 |
CVE-2015-9244 |
89 |
|
Sql |
2018-05-29 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. |
41635 |
CVE-2015-9243 |
254 |
|
|
2018-05-29 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). |
41636 |
CVE-2015-9242 |
20 |
|
DoS |
2018-05-29 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header. |
41637 |
CVE-2015-9241 |
20 |
|
|
2018-05-29 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes). |
41638 |
CVE-2015-9240 |
255 |
|
|
2018-05-29 |
2018-07-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. |
41639 |
CVE-2015-9239 |
20 |
|
DoS |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. |
41640 |
CVE-2015-9238 |
134 |
|
|
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. |
41641 |
CVE-2015-9236 |
200 |
|
+Info |
2018-05-31 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route. |
41642 |
CVE-2015-9235 |
327 |
|
Bypass |
2018-05-29 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). |
41643 |
CVE-2015-9234 |
89 |
|
Sql |
2017-09-29 |
2017-10-06 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. |
41644 |
CVE-2015-9233 |
352 |
|
XSS CSRF |
2017-09-29 |
2017-10-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. |
41645 |
CVE-2015-9231 |
200 |
|
+Info |
2017-09-20 |
2017-10-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware. |
41646 |
CVE-2015-9228 |
434 |
|
|
2017-09-12 |
2017-09-26 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. |
41647 |
CVE-2015-9227 |
94 |
|
Exec Code File Inclusion |
2017-09-11 |
2017-09-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. |
41648 |
CVE-2015-9226 |
89 |
|
Exec Code Sql |
2017-09-11 |
2017-09-18 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. |
41649 |
CVE-2015-9224 |
119 |
|
Overflow |
2018-04-18 |
2018-05-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input Validation in QURTK_write() can cause potential buffer overflow. |
41650 |
CVE-2015-9223 |
119 |
|
Overflow |
2018-04-18 |
2018-05-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 600, and SD 800, a buffer overflow can occur when processing an audio buffer. |