LiveActive security incident?Get immediate response
CVE archive

2015 CVE Archive

Browse CVE records published in 2015 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 8111 matching CVEs · Page 1 of 163.

Low · CVSS 3.7

CVE-2015-2808: The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with...

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Published Apr 1, 2015 · Updated May 28, 2026

High · CVSS 8.1

CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict...

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

Published Aug 3, 2015 · Updated May 27, 2026

Low · CVSS 3.7

CVE-2015-4000: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client,...

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Published May 21, 2015 · Updated May 27, 2026

Medium · CVSS 6.4

CVE-2015-6563: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username da...

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

Published Aug 24, 2015 · Updated May 27, 2026

High · CVSS 7.2

CVE-2015-20115: RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users.

Published Mar 15, 2026 · Updated May 24, 2026

Medium · CVSS 6.1

CVE-2015-20114: RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads in vulnerable parameters to execute code in users' browser sessions within the context of the affected application.

Published Mar 15, 2026 · Updated May 24, 2026

High · CVSS 7.8

CVE-2015-8325: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabl...

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

Published May 1, 2016 · Updated May 22, 2026

Medium · CVSS 6.9

CVE-2015-10142: Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path

Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing.

Published Jul 25, 2025 · Updated May 15, 2026

Critical · CVSS 9.3

CVE-2015-10141: Xdebug Remote Debugger Unauthenticated OS Command Execution

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user.

Published Jul 23, 2025 · Updated May 15, 2026

High · CVSS 8.8

CVE-2015-10148: Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.

Published Apr 3, 2026 · Updated May 14, 2026

High · CVSS 7.2

CVE-2015-10133: Subscribe to Comments <= 2.1.2 - Local File Includion

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This same function can also be used to execute arbitrary PHP code.

Published Jul 19, 2025 · Updated Apr 8, 2026

Medium · CVSS 4.9

CVE-2015-10147: Easy Testimonial Slider and Form <= 1.0.2 - Authenticated (Admin+) SQL injection

The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Published Oct 29, 2025 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2015-10138: Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload

The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Published Jul 19, 2025 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2015-10143: Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update

The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the *_ajax_save_options() function in all versions up to 1.4.4 (exclusive). This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Published Jul 25, 2025 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2015-10137: Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload

The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' function in versions up to, and including, 1.3.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Published Jul 22, 2025 · Updated Apr 8, 2026

Medium · CVSS 4.9

CVE-2015-10146: Thumbnail Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Published Oct 29, 2025 · Updated Apr 8, 2026

High · CVSS 8.8

CVE-2015-10144: Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.

Published Jul 25, 2025 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2015-10135: WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Published Jul 19, 2025 · Updated Apr 8, 2026

High · CVSS 7.5

CVE-2015-10136: GI-Media Library < 3.0 - Directory Traversal

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Published Jul 19, 2025 · Updated Apr 8, 2026

High · CVSS 7.5

CVE-2015-10134: Simple Backup <= 2.7.10 - Arbitrary File Download via Path Traversal

The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site.

Published Jul 19, 2025 · Updated Apr 8, 2026

High · CVSS 8.7

CVE-2015-10145: Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Published Dec 31, 2025 · Updated Mar 23, 2026

Medium · CVSS 6.1

CVE-2015-20116: RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed.

Published Mar 15, 2026 · Updated Mar 16, 2026

Medium · CVSS 6.9

CVE-2015-20117: RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation

Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and /admin/editadmins.php endpoints to register new users with arbitrary credentials and escalate privileges to SUPERUSER level.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 7.2

CVE-2015-20118: RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the location_name parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the location_name field to execute arbitrary code in administrator browsers.

Published Mar 15, 2026 · Updated Mar 16, 2026

Medium · CVSS 6.4

CVE-2015-20119: RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with crafted iframe payloads in the text parameter to store malicious content that executes in the browsers of users viewing the affected pages.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 8.8

CVE-2015-20121: RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads.

Published Mar 15, 2026 · Updated Mar 16, 2026

Medium · CVSS 6.9

CVE-2015-20113: RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when logged-in users visit them, or inject persistent scripts that execute in the application context.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 8.8

CVE-2015-20120: RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 7.8 · CISA KEV

CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe...

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

Published Jul 14, 2015 · Updated Nov 17, 2025

High · CVSS 7.8 · CISA KEV

CVE-2015-0310: Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before...

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

Published Jan 23, 2015 · Updated Nov 17, 2025

High · CVSS 7.8 · CISA KEV

CVE-2015-0313: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.30...

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

Published Feb 2, 2015 · Updated Nov 17, 2025

High · CVSS 7.8 · CISA KEV

CVE-2015-3043: Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before...

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

Published Apr 14, 2015 · Updated Nov 17, 2025

High · CVSS 7.8 · CISA KEV

CVE-2015-5119: Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Fla...

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Published Jul 8, 2015 · Updated Nov 17, 2025

High · CVSS 7.8 · CISA KEV

CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Fl...

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Published Jul 14, 2015 · Updated Nov 17, 2025

Medium · CVSS 6.8

CVE-2015-3976: GE Multilink Cross-site Scripting

Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.

Published Aug 28, 2017 · Updated Nov 4, 2025