LiveActive security incident?Get immediate response
CVE archive

January 2015

Browse CVE records published in January 2015, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 701 matching CVEs · Page 2 of 15.

Unknown · CVSS Not scored

CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause fram...

On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.

Published Jan 23, 2018 · Updated Sep 16, 2024

Medium · CVSS 5.5

CVE-2015-10050: brandonfire miRNA_Database_by_PHP_MySql model.php count_rna sql injection

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability.

Published Jan 15, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10053: prodigasistemas curupira passwords_controller.rb sql injection

A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The patch is identified as 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.

Published Jan 16, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2015-10049: Overdrive Eletrônica course-builder oeditor.html cross site scripting

A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is e39645fd714adb7e549908780235911ae282b21b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218372.

Published Jan 15, 2023 · Updated Aug 6, 2024

Low · CVSS 3.7

CVE-2015-10033: jvvlee MerlinsBoard Grade improper authorization

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The identifier of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.

Published Jan 9, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10014: arekk uke finder.rb sql injection

A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The identifier of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability.

Published Jan 5, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2015-10059: s134328 Webapplication-Veganguide apiService.js cross site scripting

A vulnerability has been found in s134328 Webapplication-Veganguide and classified as problematic. This vulnerability affects unknown code of the file p05-integration/app/shared/api/apiService.js. The manipulation of the argument country/city leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 2aa760fa4e779e40a28206a32ac22ac10356f519. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218416.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10039: dobos domino EntityFactory.cs sql injection

A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. The name of the patch is 16f039073709a21a76526110d773a6cce0ce753a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218024.

Published Jan 11, 2023 · Updated Aug 6, 2024

Medium · CVSS 4.6

CVE-2015-10057: Little Apps Little Software Stats Password Reset class.securelogin.php access control

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.

Published Jan 16, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10065: AenBleidd FiND my_validator.cpp init_result buffer overflow

A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10060: MNBikeways database views.py sql injection

A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10061: evandro-machado Trabalho-Web2 ClienteDAO.java sql injection

A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The patch is named f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10052: calesanz gibb-modul-151 login redirect

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 15, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10068: danynab movify-j ReviewServiceImpl.java getByMovieId sql injection

A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to sql injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218476.

Published Jan 18, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10027: hydrian TTRSS-Auth-LDAP Username ldap injection

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.

Published Jan 7, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10069: viakondratiuk cash-machine machine.py update_failed_attempts sql injection

A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to sql injection. The name of the patch is 62a6e24efdfa195b70d7df140d8287fdc38eb66d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218896.

Published Jan 19, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2015-10058: Wikisource Category Browser index.php cross site scripting

A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 764f4e8ce3f9242637df77530c70ae8a2ec4b6a1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218415.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10062: galaxy-data-resource Command Line Template injection

A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10054: githuis P2Manage Database.cs Execute sql injection

A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The identifier of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability.

Published Jan 16, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10043: abreen Apollo path traversal

A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307.

Published Jan 14, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10040: gitlearn Escape Sequence config.sh getOutOf injection

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The patch is identified as 3faa5deaa509012069afe75cd03c21bda5050a64. It is recommended to apply a patch to fix this issue. VDB-218302 is the identifier assigned to this vulnerability.

Published Jan 13, 2023 · Updated Aug 6, 2024

Medium · CVSS 6.3

CVE-2015-10070: copperwall Twiddit index.php sql injection

A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The identifier of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability.

Published Jan 19, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10026: tiredtyrant flairbot flair.py sql injection

A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The patch is identified as 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability.

Published Jan 7, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10034: j-nowak workout-organizer sql injection

A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.

Published Jan 9, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10017: HPI-Information-Systems ProLOD sql injection

A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552.

Published Jan 6, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10064: VictorFerraresi pokemon-database-php sql injection

A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10037: ACI_Escola sql injection

A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability.

Published Jan 11, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10031: purpleparrots 491-Project Highscore update.php sql injection

A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648.

Published Jan 8, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10066: tynx wuersch Store.class.php getByCustomQuery sql injection

A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The patch is identified as 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability.

Published Jan 17, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10020: ssn2013 cis450Project AddAppUser.java addUser sql injection

A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380.

Published Jan 14, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2015-10013: WebDevStudios taxonomy-switcher Plugin taxonomy-switcher.php taxonomy_switcher_init cross site scripting

A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability.

Published Jan 5, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10041: Dovgalyuk AIBattle procedures.php sendComments sql injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is e3aa4d0900167641d41cbccf53909229f00381c9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218304. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 13, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10044: gophergala sqldump sql injection

A vulnerability classified as critical was found in gophergala sqldump. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 76db54e9073b5248b8863e71a63d66a32d567d21. It is recommended to apply a patch to fix this issue. VDB-218350 is the identifier assigned to this vulnerability.

Published Jan 15, 2023 · Updated Aug 6, 2024

Low · CVSS 2.6

CVE-2015-10071: gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery

A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951.

Published Jan 19, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10047: KYUUBl school-register DBManager.java sql injection

A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The patch is named 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218355.

Published Jan 15, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10046: lolfeedback sql injection

A vulnerability has been found in lolfeedback and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The identifier of the patch is 6cf0b5f2228cd8765f734badd37910051000f2b2. It is recommended to apply a patch to fix this issue. The identifier VDB-218353 was assigned to this vulnerability.

Published Jan 15, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10035: gperson angular-test-reporter data-server.js addTest sql injection

A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.

Published Jan 9, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10009: nterchange code_caller_controller.php getContent code injection

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The patch is named fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187.

Published Jan 2, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10055: PictureThisWebServer user.js router.post sql injection

A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e1479. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218399.

Published Jan 16, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2015-10018: DBRisinajumi d2files D2filesController.php actionDownloadFile sql injection

A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability.

Published Jan 6, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2015-10021: ritterim definely database.js cross site scripting

A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is b31a022ba4d8d17148445a13ebb5a42ad593dbaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217608.

Published Jan 7, 2023 · Updated Aug 6, 2024

Low · CVSS 3.5

CVE-2015-10012: sumocoders FrameworkUserBundle login.html.twig information exposure

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 3, 2023 · Updated Aug 6, 2024