LiveActive security incident?Get immediate response
CVE archive

January 2015

Browse CVE records published in January 2015, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 701 matching CVEs · Page 1 of 15.

High · CVSS 7.8 · CISA KEV

CVE-2015-0310: Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before...

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

Published Jan 23, 2015 · Updated Nov 17, 2025

High · CVSS 7.8 · CISA KEV

CVE-2015-0016: Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP...

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."

Published Jan 13, 2015 · Updated Oct 22, 2025

Critical · CVSS 9.8 · CISA KEV

CVE-2015-7450: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, an...

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.

Published Jan 2, 2016 · Updated Oct 21, 2025

Medium · CVSS 5.5

CVE-2015-10015: glidernet ogn-live sql injection

A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487.

Published Jan 5, 2023 · Updated May 28, 2025

Low · CVSS 3.5

CVE-2015-10025: luelista miniConf URL Scanning MessageView.cs denial of service

A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The patch is named c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615.

Published Jan 7, 2023 · Updated May 28, 2025

Medium · CVSS 4

CVE-2015-10128: rt-prettyphoto Plugin rt-prettyphoto.php royal_prettyphoto_plugin_links cross site scripting

A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability.

Published Jan 2, 2024 · Updated Apr 17, 2025

Medium · CVSS 4

CVE-2015-10007: 82Flex WEIPDCRM cross site scripting

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 2, 2023 · Updated Apr 11, 2025

Medium · CVSS 6.5

CVE-2015-10008: 82Flex WEIPDCRM sql injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The identifier of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 2, 2023 · Updated Apr 10, 2025

Low · CVSS 3.1

CVE-2015-10010: OpenDNS OpenResolve API endpoints.py get cross site scripting

A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196.

Published Jan 2, 2023 · Updated Apr 10, 2025

Medium · CVSS 4.6

CVE-2015-10011: OpenDNS OpenResolve endpoints.py neutralization for logs

A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The identifier of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability.

Published Jan 2, 2023 · Updated Apr 10, 2025

Medium · CVSS 4

CVE-2015-10006: admont28 Ingnovarq insertarSliderAjax.php cross site scripting

A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172.

Published Jan 1, 2023 · Updated Apr 10, 2025

Medium · CVSS 4

CVE-2015-10019: foxoverflow MySimplifiedSQL MySimplifiedSQL_Examples.php cross site scripting

A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The patch is named 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595.

Published Jan 7, 2023 · Updated Apr 10, 2025

Medium · CVSS 5.5

CVE-2015-10024: hoffie larasync file_storage.go path traversal

A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612.

Published Jan 7, 2023 · Updated Apr 9, 2025

Medium · CVSS 4

CVE-2015-10032: HealthMateWeb createaccount.php cross site scripting

A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The patch is named 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663.

Published Jan 9, 2023 · Updated Apr 9, 2025

Medium · CVSS 5.5

CVE-2015-10029: kelvinmo simplexrd simplexrd.class.php xml external entity reference

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability.

Published Jan 7, 2023 · Updated Apr 9, 2025

Medium · CVSS 5.5

CVE-2015-10030: SUKOHI Surpass Surpass.php pathname traversal

A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.

Published Jan 8, 2023 · Updated Apr 9, 2025

Medium · CVSS 5.5

CVE-2015-10038: nym3r0s pplv2 sql injection

A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 28f8b0550104044da09f04659797487c59f85b00. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218023.

Published Jan 11, 2023 · Updated Apr 9, 2025

Medium · CVSS 5.5

CVE-2015-10051: bony2023 Discussion-Board main.php display_all_replies sql injection

A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The patch is identified as 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability.

Published Jan 15, 2023 · Updated Apr 8, 2025

Medium · CVSS 5.5

CVE-2015-10045: tutrantta project_todolist Database.php update sql injection

A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218352.

Published Jan 15, 2023 · Updated Apr 8, 2025

Medium · CVSS 5.5

CVE-2015-10036: kylebebak dronfelipe sql injection

A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951.

Published Jan 11, 2023 · Updated Apr 8, 2025

Medium · CVSS 5.5

CVE-2015-10056: 2071174A vinylmap views.py contact sql injection

A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218400.

Published Jan 16, 2023 · Updated Apr 7, 2025

Medium · CVSS 4.6

CVE-2015-10067: oznetmaster SSharpSmartThreadPool SmartThreadPool.cs race condition

A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.

Published Jan 18, 2023 · Updated Apr 3, 2025

Medium · CVSS 5.5

CVE-2015-10016: jeff-kelley opensim-utils regionscrits.php DatabaseForRegion sql injection

A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The patch is identified as c29e5c729a833a29dbf5b1e505a0553fe154575e. It is recommended to apply a patch to fix this issue. VDB-217550 is the identifier assigned to this vulnerability.

Published Jan 6, 2023 · Updated Nov 25, 2024

Medium · CVSS 5.5

CVE-2015-10023: Fumon trello-octometric srv.go main sql injection

A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The patch is named a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611.

Published Jan 7, 2023 · Updated Nov 25, 2024

Medium · CVSS 4

CVE-2015-10028: ss15-this-is-sparta Main Page roomElement.js cross site scripting

A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624.

Published Jan 7, 2023 · Updated Nov 25, 2024

Medium · CVSS 5.5

CVE-2015-10042: Dovgalyuk AIBattle procedures.php registerUser sql injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 13, 2023 · Updated Nov 25, 2024

Medium · CVSS 5.5

CVE-2015-10048: bmattoso desafio_buzz_woody sql injection

A vulnerability was found in bmattoso desafio_buzz_woody. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is cb8220cbae06082c969b1776fcb2fdafb3a1006b. It is recommended to apply a patch to fix this issue. The identifier VDB-218357 was assigned to this vulnerability.

Published Jan 15, 2023 · Updated Nov 25, 2024

High · CVSS 7.5

CVE-2015-10063: saemorris TheRadSystem _login.php redirect sql injection

A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The identifier of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability.

Published Jan 17, 2023 · Updated Nov 25, 2024

Unknown · CVSS Not scored

CVE-2015-1373: Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote atta...

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action.

Published Jan 27, 2015 · Updated Sep 17, 2024