Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2061 | 1 Ptc | 1 Creo View | 2016-11-29 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. | |||||
CVE-2015-2065 | 1 Apptha | 1 Wordpress Video Gallery | 2016-11-29 | 7.5 HIGH | N/A |
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php. | |||||
CVE-2015-2069 | 1 Woothemes | 1 Woocommerce | 2016-11-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php. | |||||
CVE-2015-2070 | 1 Etouch | 1 Samepage | 2016-11-29 | 7.5 HIGH | N/A |
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. | |||||
CVE-2015-2071 | 1 Etouch | 1 Samepage | 2016-11-29 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter. | |||||
CVE-2015-2083 | 1 Ilch | 1 Cms | 2016-11-29 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php. | |||||
CVE-2015-2084 | 1 Cybernetikz | 1 Easy Social Icons | 2016-11-29 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php. | |||||
CVE-2013-6501 | 2 Php, Suse | 2 Php, Linux Enterprise Server | 2016-11-29 | 4.6 MEDIUM | N/A |
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | |||||
CVE-2014-9676 | 1 Ffmpeg | 1 Ffmpeg | 2016-11-29 | 6.8 MEDIUM | N/A |
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free. | |||||
CVE-2015-1000010 | 1 Simple-image-manipulator Project | 1 Simple-image-manipulator | 2016-11-29 | 5.0 MEDIUM | 7.5 HIGH |
Remote file download in simple-image-manipulator v1.0 WordPress plugin | |||||
CVE-2015-1000011 | 1 Dukapress Project | 1 Dukapress | 2016-11-29 | 7.5 HIGH | 9.8 CRITICAL |
Blind SQL Injection in WordPress plugin dukapress v2.5.9 | |||||
CVE-2015-1358 | 1 Siemens | 1 Wincc | 2016-11-29 | 5.0 MEDIUM | N/A |
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. | |||||
CVE-2015-1796 | 1 Shibboleth | 2 Identity Provider, Opensaml Java | 2016-11-29 | 4.3 MEDIUM | N/A |
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor. | |||||
CVE-2015-1829 | 1 Oracle | 1 Fusion Middleware | 2016-11-29 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener. | |||||
CVE-2015-1901 | 1 Ibm | 1 Infosphere Information Server | 2016-11-29 | 1.9 LOW | N/A |
The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands. | |||||
CVE-2015-1907 | 1 Ibm | 1 Rational License Key Server | 2016-11-29 | 4.0 MEDIUM | N/A |
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. | |||||
CVE-2015-1908 | 1 Ibm | 1 Websphere Portal | 2016-11-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2016-8876 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 6.8 MEDIUM | 7.5 HIGH |
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader." | |||||
CVE-2016-8877 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue. | |||||
CVE-2016-8878 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2016-11-29 | 6.8 MEDIUM | 8.8 HIGH |
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER." |