The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.
Source: CERT/CC
Max CVSS
4.3
EPSS Score
0.35%
Published
2015-05-30
Updated
2015-06-02
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-05-29
Updated
2016-12-06
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-05-28
Updated
2016-12-31
Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
Source: MITRE
Max CVSS
5.8
EPSS Score
0.35%
Published
2015-05-28
Updated
2016-12-31

CVE-2015-4133

Public exploit
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.
Source: MITRE
Max CVSS
7.5
EPSS Score
83.33%
Published
2015-05-28
Updated
2016-11-28
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.06%
Published
2015-05-28
Updated
2016-12-06
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.34%
Published
2015-05-28
Updated
2016-12-31
Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.
Source: MITRE
Max CVSS
7.5
EPSS Score
5.20%
Published
2015-05-26
Updated
2018-12-10
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.69%
Published
2015-05-26
Updated
2018-12-10
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.23%
Published
2015-05-28
Updated
2018-10-09
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.
Source: MITRE
Max CVSS
7.8
EPSS Score
94.43%
Published
2015-05-29
Updated
2016-12-06

CVE-2015-4068

Known exploited
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
Source: MITRE
Max CVSS
9.4
EPSS Score
97.36%
Published
2015-05-29
Updated
2016-12-06
CISA KEV Added
2022-03-25
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.
Source: MITRE
Max CVSS
10.0
EPSS Score
60.35%
Published
2015-05-29
Updated
2016-12-06
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.14%
Published
2015-05-27
Updated
2021-08-19
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.10%
Published
2015-05-27
Updated
2015-05-28
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.14%
Published
2015-05-27
Updated
2015-05-28
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
Source: MITRE
Max CVSS
3.5
EPSS Score
4.02%
Published
2015-05-27
Updated
2015-05-28
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
2.72%
Published
2015-05-27
Updated
2015-05-28
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.
Source: MITRE
Max CVSS
10.0
EPSS Score
89.55%
Published
2015-05-29
Updated
2016-12-06
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.
Source: MITRE
Max CVSS
10.0
EPSS Score
89.55%
Published
2015-05-29
Updated
2016-12-06
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
Source: MITRE
Max CVSS
7.8
EPSS Score
1.78%
Published
2015-05-29
Updated
2019-03-27
projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.
Source: MITRE
Max CVSS
10.0
EPSS Score
81.63%
Published
2015-05-29
Updated
2016-12-06
Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.
Source: MITRE
Max CVSS
10.0
EPSS Score
95.55%
Published
2015-05-29
Updated
2019-06-24
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.11%
Published
2015-05-21
Updated
2015-06-25
The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.
Source: MITRE
Max CVSS
5.0
EPSS Score
1.23%
Published
2015-05-20
Updated
2022-02-07
410 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!