| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
47601 |
CVE-2015-0900 |
79 |
|
XSS |
2015-03-31 |
2015-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
|
47602 |
CVE-2015-0899 |
20 |
|
Bypass |
2016-07-04 |
2018-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. |
|
47603 |
CVE-2015-0898 |
94 |
|
Exec Code |
2015-03-20 |
2015-03-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. |
|
47604 |
CVE-2015-0896 |
79 |
|
XSS |
2015-03-18 |
2015-03-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47605 |
CVE-2015-0895 |
352 |
|
CSRF |
2015-03-06 |
2015-03-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. |
|
47606 |
CVE-2015-0894 |
89 |
|
Exec Code Sql |
2015-03-06 |
2015-03-09 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
47607 |
CVE-2015-0893 |
79 |
|
XSS |
2015-03-04 |
2015-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47608 |
CVE-2015-0892 |
79 |
|
XSS |
2015-03-04 |
2015-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47609 |
CVE-2015-0891 |
79 |
|
XSS |
2015-03-04 |
2015-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47610 |
CVE-2015-0890 |
|
|
Bypass |
2015-03-03 |
2015-03-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. |
|
47611 |
CVE-2015-0889 |
|
|
Exec Code |
2015-02-27 |
2015-03-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. |
|
47612 |
CVE-2015-0888 |
|
|
|
2015-02-27 |
2015-03-02 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. |
|
47613 |
CVE-2015-0887 |
399 |
|
DoS |
2015-02-27 |
2015-03-04 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet. |
|
47614 |
CVE-2015-0886 |
|
|
Overflow |
2015-02-27 |
2015-09-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent. |
|
47615 |
CVE-2015-0885 |
399 |
|
DoS |
2015-02-27 |
2015-09-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username. |
|
47616 |
CVE-2015-0884 |
|
|
+Priv |
2015-02-27 |
2015-11-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. |
|
47617 |
CVE-2015-0883 |
|
|
Exec Code |
2015-02-26 |
2015-02-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth module is enabled, does not properly send e-mail messages, which allows remote attackers to execute arbitrary code via unspecified vectors. |
|
47618 |
CVE-2015-0882 |
79 |
|
XSS |
2015-02-26 |
2017-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php. |
|
47619 |
CVE-2015-0881 |
|
|
Http R.Spl. |
2015-02-20 |
2015-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. |
|
47620 |
CVE-2015-0880 |
119 |
|
Exec Code Overflow |
2015-02-20 |
2015-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. |
|
47621 |
CVE-2015-0879 |
20 |
|
DoS |
2015-02-20 |
2015-02-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. |
|
47622 |
CVE-2015-0878 |
22 |
|
Dir. Trav. |
2015-02-20 |
2015-02-20 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. |
|
47623 |
CVE-2015-0877 |
|
|
Exec Code |
2015-04-05 |
2015-04-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name. |
|
47624 |
CVE-2015-0876 |
79 |
|
XSS |
2015-04-06 |
2015-04-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47625 |
CVE-2015-0874 |
295 |
|
+Info |
2017-09-26 |
2017-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. |
|
47626 |
CVE-2015-0873 |
79 |
|
XSS |
2015-02-12 |
2015-02-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47627 |
CVE-2015-0871 |
79 |
|
XSS |
2015-02-07 |
2015-02-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47628 |
CVE-2015-0870 |
79 |
|
XSS |
2015-01-31 |
2015-02-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47629 |
CVE-2015-0869 |
264 |
|
DoS |
2015-02-01 |
2015-02-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
|
I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. |
|
47630 |
CVE-2015-0868 |
|
|
Exec Code |
2015-02-01 |
2015-02-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file. |
|
47631 |
CVE-2015-0867 |
22 |
|
Dir. Trav. |
2015-01-21 |
2015-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. |
|
47632 |
CVE-2015-0866 |
79 |
|
XSS |
2015-02-02 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do. |
|
47633 |
CVE-2015-0864 |
264 |
|
Exec Code +Info |
2017-03-27 |
2017-04-04 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. |
|
47634 |
CVE-2015-0863 |
264 |
|
Exec Code +Info |
2017-03-27 |
2017-04-04 |
7.9 |
None |
Local Network |
Medium |
Not required |
Complete |
Complete |
Complete |
|
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. |
|
47635 |
CVE-2015-0861 |
264 |
|
Bypass |
2016-04-13 |
2016-04-19 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. |
|
47636 |
CVE-2015-0860 |
189 |
|
Exec Code Overflow |
2015-12-03 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. |
|
47637 |
CVE-2015-0859 |
17 |
|
Exec Code |
2015-12-03 |
2015-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments. |
|
47638 |
CVE-2015-0857 |
77 |
|
Exec Code |
2016-05-06 |
2016-05-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. |
|
47639 |
CVE-2015-0856 |
264 |
|
+Priv |
2015-11-24 |
2016-11-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. |
|
47640 |
CVE-2015-0855 |
94 |
|
Exec Code |
2017-03-23 |
2017-04-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. |
|
47641 |
CVE-2015-0854 |
19 |
|
Exec Code |
2016-12-29 |
2017-01-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. |
|
47642 |
CVE-2015-0853 |
20 |
|
Exec Code |
2017-09-06 |
2017-09-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). |
|
47643 |
CVE-2015-0852 |
189 |
|
DoS Mem. Corr. |
2015-09-29 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. |
|
47644 |
CVE-2015-0851 |
189 |
|
DoS |
2015-08-12 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. |
|
47645 |
CVE-2015-0850 |
20 |
|
Exec Code |
2015-06-02 |
2015-06-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. |
|
47646 |
CVE-2015-0848 |
119 |
|
DoS Exec Code Overflow |
2015-07-01 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. |
|
47647 |
CVE-2015-0847 |
17 |
|
DoS |
2015-05-29 |
2016-12-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. |
|
47648 |
CVE-2015-0846 |
200 |
|
+Info |
2015-04-24 |
2015-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors. |
|
47649 |
CVE-2015-0845 |
94 |
|
Exec Code |
2015-04-17 |
2015-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. |
|
47650 |
CVE-2015-0844 |
200 |
|
+Info |
2015-04-14 |
2016-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. |
