The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2015-0931 | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a resource injection issue. | Medium | Feb 17, 2015 |
CVE-2015-0930 | The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. | High | Feb 4, 2015 |
CVE-2015-0929 | time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. | High | Feb 4, 2015 |
CVE-2015-0928 | libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). | Medium | Aug 31, 2017 |
CVE-2015-0926 | Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | Medium | Jan 31, 2015 |
CVE-2015-0925 | The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname. | High | Jan 23, 2015 |
CVE-2015-0924 | Ceragon FiberAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. | High | Jan 20, 2015 |
CVE-2015-0923 | The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue. [CWE-611: Improper Restriction of XML External Entity Reference ('XXE')](http://cwe.mitre.org/data/definitions/611.html) | Medium | Feb 17, 2015 |
CVE-2015-0922 | McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. | Medium | Jan 12, 2015 |
CVE-2015-0921 | XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. [CWE-611: Improper Restriction of XML External Entity Reference ('XXE')](http://cwe.mitre.org/data/definitions/611.html) | Medium | Jan 12, 2015 |
CVE-2015-0920 | Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. | Medium | Jan 8, 2015 |
CVE-2015-0919 | Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | High | Jan 8, 2015 |
CVE-2015-0918 | Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. | Medium | Jan 8, 2015 |
CVE-2015-0917 | Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | Medium | Jan 8, 2015 |
CVE-2015-0916 | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | Medium | May 22, 2015 |
CVE-2015-0915 | Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. | Medium | May 22, 2015 |
CVE-2015-0914 | EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. | Medium | May 1, 2015 |
CVE-2015-0913 | Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Low | May 1, 2015 |
CVE-2015-0912 | EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. | Medium | May 1, 2015 |
CVE-2015-0911 | Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | Medium | Apr 24, 2015 |
CVE-2015-0910 | Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename. | Medium | Apr 24, 2015 |
CVE-2015-0907 | Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. | Medium | Apr 15, 2015 |
CVE-2015-0906 | Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | Medium | Apr 15, 2015 |
CVE-2015-0905 | Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | Medium | Apr 13, 2015 |
CVE-2015-0904 | The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | Medium | Jul 25, 2017 |
CVE-2015-0903 | Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | High | Apr 6, 2015 |
CVE-2015-0902 | The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code. | Medium | Apr 3, 2015 |
CVE-2015-0901 | Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Mar 31, 2015 |
CVE-2015-0900 | Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | Medium | Mar 31, 2015 |
CVE-2015-0899 | The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | Medium | Jul 6, 2016 |
CVE-2015-0898 | futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. | High | Mar 27, 2015 |
CVE-2015-0897 | LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | -- | Oct 31, 2023 |
CVE-2015-0896 | Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Mar 19, 2015 |
CVE-2015-0895 | Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. | Medium | Mar 9, 2015 |
CVE-2015-0894 | SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | Medium | Mar 9, 2015 |
CVE-2015-0893 | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Mar 5, 2015 |
CVE-2015-0892 | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Mar 5, 2015 |
CVE-2015-0891 | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Mar 5, 2015 |
CVE-2015-0890 | The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | Medium | Mar 3, 2015 |
CVE-2015-0889 | KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. | High | Mar 2, 2015 |
CVE-2015-0888 | KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. | Medium | Mar 2, 2015 |
CVE-2015-0887 | npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet. | High | Mar 4, 2015 |
CVE-2015-0886 | Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent. [CWE-190: Integer Overflow or Wraparound](http://cwe.mitre.org/data/definitions/190.html) | Medium | Mar 2, 2015 |
CVE-2015-0885 | checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username. | Medium | Mar 2, 2015 |
CVE-2015-0884 | Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. [CWE-428: Unquoted Search Path or Element](http://cwe.mitre.org/data/definitions/428.html) | Medium | Mar 2, 2015 |
CVE-2015-0883 | SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth module is enabled, does not properly send e-mail messages, which allows remote attackers to execute arbitrary code via unspecified vectors. | Medium | Feb 27, 2015 |
CVE-2015-0882 | Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php. | Medium | Feb 27, 2015 |
CVE-2015-0881 | CRLF injection vulnerability in Squid before 3.1.10 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. [CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')](http://cwe.mitre.org/data/definitions/93.html) | Medium | Feb 20, 2015 |
CVE-2015-0880 | Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. | Medium | Feb 20, 2015 |
CVE-2015-0879 | CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. | Medium | Feb 20, 2015 |