Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4645 | 1 D-link | 1 Dsl-2760u-e1 | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. | |||||
| CVE-2014-4603 | 2 Wordpress, Yahoo\! Updates For Wordpress Plugin Project | 2 Wordpress, Yahoo\! Updates For Wordpress Plugin | 2015-09-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter. | |||||
| CVE-2015-6520 | 1 Ippusbxd Project | 1 Ippusbxd | 2015-09-02 | 7.5 HIGH | N/A |
| IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. | |||||
| CVE-2014-4598 | 1 Wp-tmkm-amazon Project | 1 Wp-tmkm-amazon | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter. | |||||
| CVE-2014-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. | |||||
| CVE-2014-4348 | 1 Phpmyadmin | 1 Phpmyadmin | 2015-09-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. | |||||
| CVE-2014-4189 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4194 | 1 Aas9 | 1 Zerocms | 2015-09-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action. | |||||
| CVE-2014-4188 | 1 Hitachi | 2 Jp1\/performance Management-manager Web Option, Tuning Manager | 2015-09-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-4158 | 1 Senkas | 1 Kolibri | 2015-09-02 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||||
| CVE-2014-3976 | 1 A10networks | 1 Advanced Core Operating System | 2015-09-02 | 5.0 MEDIUM | N/A |
| Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-3892 | 1 Nexatechnologies | 1 Meridian | 2015-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3933 | 1 Newsignature | 1 Addressfield Tokens | 2015-09-02 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field. | |||||
| CVE-2013-7444 | 1 Mediawiki | 1 Mediawiki | 2015-09-02 | 5.0 MEDIUM | N/A |
| The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | |||||
| CVE-2012-5961 | 1 Libupnp Project | 1 Libupnp | 2015-09-02 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet. | |||||
| CVE-2015-6753 | 1 Quick Edit Project | 1 Quick Edit | 2015-09-01 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) entity title, related to in-place editing, or a (2) node title. | |||||
| CVE-2015-6754 | 1 Path Breadcrumbs Project | 1 Path Breadcrumbs | 2015-09-01 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6752 | 1 Search Api Autocomplete Project | 1 Search Api Autocomplete | 2015-09-01 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the returned suggestions. | |||||
| CVE-2015-6750 | 1 Ricoh | 1 Dl-1 Sr10 | 2015-09-01 | 7.5 HIGH | N/A |
| Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2014-3148 | 1 Ok Web Server Project | 1 Ok Web Server | 2015-09-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, which is not properly handled in a 404 error page. | |||||