Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2015-7695
The PDO adapters in Zend Framework prior to 1.12.16 do not filer null bytes in SQL statements, which allows remote malicious users to execute arbitrary SQL commands via a crafted query.
Zend Zend Framework
Debian Debian Linux 7.0
Debian Debian Linux 8.0
801
VMScore
CVE-2015-7698
icewind1991 SMB prior to 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
Owncloud Smb
Owncloud Owncloud
801
VMScore
CVE-2015-7699
The files_external app in ownCloud Server prior to 7.0.9, 8.0.x prior to 8.0.7, and 8.1.x prior to 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
Owncloud Owncloud 7.0.3
Owncloud Owncloud 7.0.5
Owncloud Owncloud 8.0.5
Owncloud Owncloud 7.0.7
Owncloud Owncloud 8.0.0
Owncloud Owncloud 8.0.2
Owncloud Owncloud 8.0.3
Owncloud Owncloud 7.0.0
Owncloud Owncloud 7.0.1
Owncloud Owncloud 7.0.2
Owncloud Owncloud 7.0.4
Owncloud Owncloud 7.0.6
Owncloud Owncloud 8.0.4
Owncloud Owncloud 8.1.0
668
VMScore
CVE-2015-7700
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush prior to 1.7.87 allows malicious users to have unspecified impact via unknown vectors.
Pngcrush Project Pngcrush
383
VMScore
CVE-2015-7706
Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API prior to 3.5.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3...
Ssp-europe Secure Data Space 3.4.14
NA
CVE-2015-77062
Secure Data Space version 3.1.1-2 suffers from a cross site scripting vulnerability.
383
VMScore
CVE-2015-7708
Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php.
4homepages 4images
685
VMScore
CVE-2015-7715
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component prior to 8.9.5 for Joomla! allows remote malicious users to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.
Realtyna Realtyna Property Listing
1 EDB exploit
890
VMScore
CVE-2015-7716
libstagefright in Android 5.x prior to 5.1.1 LMY48T allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.
Google Android
828
VMScore
CVE-2015-7717
mediaserver in Android 5.x prior to 5.1.1 LMY48T and 6.0 prior to 2015-10-01 allows malicious users to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
Google Android
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »