Export limit exceeded: 24149 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24149 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9544 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 7.1 High |
| An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | ||||
| CVE-2015-9543 | 1 Openstack | 1 Nova | 2024-11-21 | 3.3 Low |
| An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | ||||
| CVE-2015-9492 | 1 Smartit Premium Responsive Project | 1 Smartit Premium Responsive | 2024-11-21 | 7.5 High |
| The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9491 | 1 Blessing Premium Responsive Project | 1 Blessing Premium Responsive | 2024-11-21 | 7.5 High |
| The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9490 | 1 Gamestheme Premium Project | 1 Gamestheme Premium | 2024-11-21 | 7.5 High |
| The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9489 | 1 Goodnex Premium Responsive Project | 1 Goodnex Premium Responsive | 2024-11-21 | 7.5 High |
| The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9488 | 1 Almera Responsive Portfolio Site Template Project | 1 Almera Responsive Portfolio Site Template | 2024-11-21 | 7.5 High |
| The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9487 | 1 Almera Responsive Portfolio Project | 1 Almera Responsive Portfolio | 2024-11-21 | 7.5 High |
| The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9486 | 1 Axioma Premium Responsive Project | 1 Axioma Premium Responsive | 2024-11-21 | 7.5 High |
| The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9485 | 1 Accio Responsive Onepage Parallax Site Template Project | 1 Accio Responsive Onepage Parallax Site Template | 2024-11-21 | 7.5 High |
| The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9484 | 1 Accio One Page Parallax Responsive Theme Project | 1 Accio One Page Parallax Responsive Theme | 2024-11-21 | 7.5 High |
| The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9483 | 1 Invento \/ Architecture Building Agency Template Project | 1 Invento \/ Architecture Building Agency Template | 2024-11-21 | 7.5 High |
| The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9482 | 1 Car Dealer \/ Auto Dealer Responsive Project | 1 Car Dealer \/ Auto Dealer Responsive | 2024-11-21 | 7.5 High |
| The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9481 | 1 Diplomat \| Political Project | 1 Diplomat \| Political | 2024-11-21 | 7.5 High |
| The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||||
| CVE-2015-9415 | 1 Angrycreative | 1 Bj Lazy Load | 2024-11-21 | 7.5 High |
| The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | ||||
| CVE-2015-9351 | 1 Slickremix | 1 Feed Them Social | 2024-11-21 | N/A |
| The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button. | ||||
| CVE-2015-9348 | 1 Codepeople | 1 Sell Downloads | 2024-11-21 | N/A |
| The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | ||||
| CVE-2015-9345 | 1 Petersplugins | 1 Link Log | 2024-11-21 | N/A |
| The link-log plugin before 2.0 for WordPress has HTTP Response Splitting. | ||||
| CVE-2015-9288 | 1 Unity | 1 Web Player | 2024-11-21 | N/A |
| The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials | ||||
| CVE-2015-9269 | 1 Wpmobilepack | 1 Wordpress Mobile Pack | 2024-11-21 | N/A |
| The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format. | ||||