Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-06-30
Updated
2016-11-28
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
Max CVSS
3.5
EPSS Score
0.22%
Published
2015-06-30
Updated
2015-07-01
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
Max CVSS
5.5
EPSS Score
1.00%
Published
2015-06-30
Updated
2016-12-07
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-06-30
Updated
2015-07-01
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
Max CVSS
6.5
EPSS Score
0.12%
Published
2015-06-28
Updated
2016-12-07
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.
Max CVSS
7.5
EPSS Score
1.45%
Published
2015-06-24
Updated
2018-12-10
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
Max CVSS
7.5
EPSS Score
1.74%
Published
2015-06-24
Updated
2018-12-10
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
Max CVSS
4.3
EPSS Score
0.29%
Published
2015-06-24
Updated
2018-10-09
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
Max CVSS
5.0
EPSS Score
1.45%
Published
2015-06-24
Updated
2019-07-03
Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php.
Max CVSS
4.3
EPSS Score
0.21%
Published
2015-06-24
Updated
2018-10-09
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
Max CVSS
4.3
EPSS Score
0.19%
Published
2015-06-24
Updated
2018-10-09
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
Max CVSS
5.8
EPSS Score
0.38%
Published
2015-06-24
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
Max CVSS
3.5
EPSS Score
0.09%
Published
2015-06-24
Updated
2016-12-07
PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter.
Max CVSS
7.5
EPSS Score
0.82%
Published
2015-06-23
Updated
2016-12-07
Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-06-23
Updated
2016-12-07
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-06-22
Updated
2016-12-07
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
Max CVSS
6.5
EPSS Score
0.09%
Published
2015-06-22
Updated
2016-12-07
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.
Max CVSS
4.3
EPSS Score
0.16%
Published
2015-06-19
Updated
2016-12-07
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.
Max CVSS
7.5
EPSS Score
0.17%
Published
2015-06-19
Updated
2016-12-07
Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.
Max CVSS
6.8
EPSS Score
0.24%
Published
2015-06-19
Updated
2016-12-07
SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.
Max CVSS
6.5
EPSS Score
0.11%
Published
2015-06-19
Updated
2016-12-07
Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.
Max CVSS
7.5
EPSS Score
5.83%
Published
2015-06-19
Updated
2016-12-07
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.
Max CVSS
4.3
EPSS Score
0.20%
Published
2015-06-18
Updated
2020-08-25
Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.
Max CVSS
4.3
EPSS Score
0.20%
Published
2015-06-18
Updated
2019-03-15
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.
Max CVSS
6.8
EPSS Score
0.24%
Published
2015-06-18
Updated
2016-12-07
495 vulnerabilities found