Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4713 | 1 Apphp | 1 Hotel Site | 2016-12-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||||
| CVE-2015-4714 | 1 Dream-multimedia-tv | 2 Dreambox Dm500-s, Dreambox Dm500-s Firmware | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body. | |||||
| CVE-2015-4716 | 2 Microsoft, Owncloud | 2 Windows, Owncloud | 2016-12-07 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-4186 | 1 Cisco | 1 Virtualization Experience Client 6000 Series Firmware | 2016-12-07 | 7.2 HIGH | N/A |
| The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412. | |||||
| CVE-2015-4188 | 1 Cisco | 1 Prime Collaboration | 2016-12-07 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. | |||||
| CVE-2015-4189 | 1 Cisco | 1 Data Center Analytics Framework | 2016-12-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. | |||||
| CVE-2015-4190 | 1 Cisco | 1 Prime Service Catalog | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. | |||||
| CVE-2015-4206 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | |||||
| CVE-2015-4414 | 1 Se Html5 Album Audio Player Project | 1 Se Html5 Album Audio Player | 2016-12-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2015-4453 | 1 Open-emr | 1 Openemr | 2016-12-07 | 5.0 MEDIUM | N/A |
| interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php. | |||||
| CVE-2015-4460 | 1 Boxautomation | 1 C2box | 2016-12-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors. | |||||
| CVE-2015-2937 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 7.1 HIGH | N/A |
| MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942. | |||||
| CVE-2015-2938 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file. | |||||
| CVE-2015-2939 | 1 Mediawiki | 1 Scribunto | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace. | |||||
| CVE-2015-2940 | 1 Mediawiki | 1 Checkuser | 2016-12-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. | |||||
| CVE-2015-2941 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value. | |||||
| CVE-2015-2942 | 1 Mediawiki | 1 Mediawiki | 2016-12-07 | 7.1 HIGH | N/A |
| MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937. | |||||
| CVE-2015-3868 | 1 Google | 1 Android | 2016-12-07 | 10.0 HIGH | N/A |
| libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | |||||
| CVE-2015-4112 | 1 Blackberry | 1 Enterprise Server | 2016-12-07 | 4.3 MEDIUM | N/A |
| The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue. | |||||
| CVE-2015-4155 | 1 Gnu | 1 Parallel | 2016-12-07 | 3.6 LOW | N/A |
| GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||