U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Search Type: Search All
  • CPE Name Search: false
There are 232,506 matching records.
Displaying matches 162,221 through 162,240.
Vuln ID Summary CVSS Severity
CVE-2015-5461

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

Published: July 08, 2015; 12:59:04 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2015-5460

Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification.

Published: July 08, 2015; 12:59:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-4616

Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.

Published: July 08, 2015; 12:59:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4614

Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.

Published: July 08, 2015; 12:59:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-5459

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.

Published: July 08, 2015; 11:59:12 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2015-5458

Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.

Published: July 08, 2015; 11:59:11 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-5457

PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.

Published: July 08, 2015; 11:59:10 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-5456

Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.

Published: July 08, 2015; 11:59:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-5455

Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.

Published: July 08, 2015; 11:59:07 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-5454

Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.

Published: July 08, 2015; 11:59:06 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-5453

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

Published: July 08, 2015; 11:59:05 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2015-5452

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.

Published: July 08, 2015; 11:59:04 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.

Published: July 08, 2015; 11:59:02 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-9741

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 08, 2015; 11:59:01 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-8175

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.

Published: July 08, 2015; 11:59:00 AM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Published: July 08, 2015; 10:59:05 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-4620

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

Published: July 08, 2015; 10:59:04 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2015-4243

The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202.

Published: July 08, 2015; 10:59:03 AM -0400
V3.x:(not available)
V2.0: 6.1 MEDIUM
CVE-2015-4242

Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721.

Published: July 08, 2015; 10:59:02 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-4241

Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679.

Published: July 08, 2015; 10:59:02 AM -0400
V3.x:(not available)
V2.0: 6.1 MEDIUM