Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0967 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. | |||||
| CVE-2015-0495 | 1 Oracle | 1 Commerce Guided Search And Experience Manager | 2015-04-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Workbench. | |||||
| CVE-2014-9258 | 1 Glpi-project | 1 Glpi | 2015-04-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | |||||
| CVE-2014-9447 | 1 Elfutils Project | 1 Elfutils | 2015-04-17 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. | |||||
| CVE-2015-0440 | 1 Oracle | 1 Right Now Service Cloud | 2015-04-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console. | |||||
| CVE-2015-1314 | 1 Usaa | 1 Mobile Banking | 2015-04-17 | 2.1 LOW | N/A |
| The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. | |||||
| CVE-2015-0476 | 1 Oracle | 1 Sql Trace Analyzer | 2015-04-17 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2015-0510 | 1 Oracle | 1 Commerce Platform | 2015-04-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface. | |||||
| CVE-2015-0907 | 1 Lhaplus | 1 Lhaplus | 2015-04-15 | 6.8 MEDIUM | N/A |
| Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. | |||||
| CVE-2015-0906 | 1 Lhaplus | 1 Lhaplus | 2015-04-15 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | |||||
| CVE-2015-0932 | 1 Antlabs | 7 Inngate Ig 3.00 E, Inngate Ig 3.01 E, Inngate Ig 3.02 E and 4 more | 2015-04-15 | 10.0 HIGH | N/A |
| The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | |||||
| CVE-2014-8360 | 1 Glpi-project | 1 Glpi | 2015-04-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php. | |||||
| CVE-2014-5032 | 1 Glpi-project | 1 Glpi | 2015-04-15 | 5.0 MEDIUM | N/A |
| GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | |||||
| CVE-2014-9311 | 1 Shareaholic | 1 Shareaholic | 2015-04-15 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9146 | 1 Fiyo | 1 Fiyo Cms | 2015-04-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. | |||||
| CVE-2014-9145 | 1 Fiyo | 1 Fiyo Cms | 2015-04-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php. | |||||
| CVE-2014-9706 | 2 Debian, Dulwich Project | 2 Debian Linux, Dulwich | 2015-04-14 | 7.5 HIGH | N/A |
| The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. | |||||
| CVE-2014-3477 | 1 D-bus Project | 1 D-bus | 2015-04-14 | 2.1 LOW | N/A |
| The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. | |||||
| CVE-2015-2247 | 1 Boosted | 1 Boosted Boards | 2015-04-13 | 8.3 HIGH | N/A |
| Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal. | |||||
| CVE-2013-6144 | | | 2015-04-10 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
