Export limit exceeded: 337951 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10159 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10159 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2184 | 1 Ajsquare | 1 Zeuscart | 2025-04-12 | N/A |
| ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. | ||||
| CVE-2015-2209 | 1 Dlguard | 1 Dlguard | 2025-04-12 | N/A |
| DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | ||||
| CVE-2015-2214 | 1 Netcat | 1 Netcat | 2025-04-12 | N/A |
| NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | ||||
| CVE-2015-2711 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component. | ||||
| CVE-2015-2718 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. | ||||
| CVE-2015-2748 | 1 Websense | 4 Triton Ap Data, Triton Ap Email, Triton Ap Web and 1 more | 2025-04-12 | N/A |
| Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. | ||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2025-04-12 | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | ||||
| CVE-2015-2771 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2025-04-12 | N/A |
| The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-2804 | 1 Alcatel-lucent | 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more | 2025-04-12 | N/A |
| The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | ||||
| CVE-2015-3097 | 2 Adobe, Microsoft | 5 Air, Air Sdk, Air Sdk \& Compiler and 2 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address. | ||||
| CVE-2015-3098 | 6 Adobe, Apple, Google and 3 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102. | ||||
| CVE-2015-3108 | 6 Adobe, Apple, Google and 3 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. | ||||
| CVE-2015-3176 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. | ||||
| CVE-2015-3282 | 1 Openafs | 1 Openafs | 2025-04-12 | N/A |
| vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. | ||||
| CVE-2015-3236 | 1 Haxx | 2 Curl, Libcurl | 2025-04-12 | N/A |
| cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-3244 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-12 | N/A |
| The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID. | ||||
| CVE-2015-3251 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
| Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | ||||
| CVE-2015-3271 | 1 Apache | 1 Tika | 2025-04-12 | N/A |
| Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header. | ||||
| CVE-2015-3284 | 1 Openafs | 1 Openafs | 2025-04-12 | N/A |
| pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | ||||
| CVE-2015-3293 | 1 Fortinet | 1 Fortimail | 2025-04-12 | N/A |
| FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | ||||