Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6513 | 1 J2store | 1 J2store | 2015-08-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. | |||||
| CVE-2015-5489 | 1 Smart Trim Project | 1 Smart Trim | 2015-08-19 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. | |||||
| CVE-2015-5488 | 1 Thinkshout | 1 Mailchimp | 2015-08-19 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4425 | 1 Pimcore | 1 Pimcore | 2015-08-19 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility. | |||||
| CVE-2015-5681 | 1 Wpslideshow | 1 Powerplay Gallery | 2015-08-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/. | |||||
| CVE-2015-5485 | 1 Theeventscalendar | 1 Eventbrite Tickets | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. | |||||
| CVE-2014-9743 | 1 Videolan | 1 Vlc Media Player | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info. | |||||
| CVE-2015-4376 | 1 Profile2 Privacy Project | 1 Profile2 Privacy | 2015-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5685 | 1 Bittorrent | 1 Bootstrap-dht | 2015-08-13 | 7.5 HIGH | N/A |
| The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." | |||||
| CVE-2015-4380 | 1 Linear Case Project | 1 Linear Case | 2015-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5474 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2015-08-13 | 9.3 HIGH | N/A |
| BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. | |||||
| CVE-2015-5519 | 1 Wideimage Project | 1 Wideimage | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php. | |||||
| CVE-2014-2210 | 1 Ca | 1 Erwin Web Portal | 2015-08-13 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-2190 | 1 Cisco | 1 Broadband Access Center Telco Wireless Software | 2015-08-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389. | |||||
| CVE-2014-2191 | 1 Cisco | 1 Broadband Access Center Telco Wireless Software | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113. | |||||
| CVE-2014-2092 | 1 Cmsmadesimple | 1 Cms Made Simple | 2015-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. | |||||
| CVE-2014-2091 | 1 Atutor | 1 Atutor | 2015-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. | |||||
| CVE-2014-2022 | 1 Vbulletin | 1 Vbulletin | 2015-08-13 | 7.1 HIGH | N/A |
| SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. | |||||
| CVE-2014-0821 | 1 Cybozu | 1 Garoon | 2015-08-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. | |||||
| CVE-2014-0820 | 1 Cybozu | 1 Garoon | 2015-08-13 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||