CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-6659 89 Exec Code Sql 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
2 CVE-2015-6565 264 DoS 2015-08-23 2015-08-24
7.2
None Local Low Not required Complete Complete Complete
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
3 CVE-2015-6525 189 DoS Overflow 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.
4 CVE-2015-6522 89 Exec Code Sql 2015-08-19 2015-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
5 CVE-2015-6519 89 Exec Code Sql 2015-08-18 2015-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
6 CVE-2015-6513 89 Exec Code Sql 2015-08-18 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php.
7 CVE-2015-5779 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-26
7.5
None Remote Low Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.
8 CVE-2015-5776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
9 CVE-2015-5775 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
10 CVE-2015-5774 119 Overflow +Priv 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
11 CVE-2015-5769 DoS 2015-08-16 2015-08-19
7.1
None Remote Medium Not required None None Complete
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
12 CVE-2015-5763 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
13 CVE-2015-5750 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.
14 CVE-2015-5685 20 Exec Code 2015-08-13 2015-08-13
7.5
None Remote Low Not required Partial Partial Partial
The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."
15 CVE-2015-5681 Exec Code 2015-08-18 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/.
16 CVE-2015-5621 19 DoS Exec Code 2015-08-19 2015-08-20
7.5
None Remote Low Not required Partial Partial Partial
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
17 CVE-2015-5618 264 Bypass 2015-07-31 2015-08-03
7.5
None Remote Low Not required Partial Partial Partial
Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871.
18 CVE-2015-5599 89 Exec Code Sql 2015-08-18 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
19 CVE-2015-5504 89 Exec Code Sql 2015-08-18 2015-08-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
20 CVE-2015-5502 284 2015-08-18 2015-08-28
7.5
None Remote Low Not required Partial Partial Partial
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
21 CVE-2015-5501 254 Exec Code 2015-08-18 2015-08-20
7.5
None Remote Low Not required Partial Partial Partial
The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.
22 CVE-2015-5477 19 DoS 2015-07-29 2015-08-25
7.8
None Remote Low Not required None None Complete
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
23 CVE-2015-5457 20 Exec Code 2015-07-08 2015-08-11
7.5
None Remote Low Not required Partial Partial Partial
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
24 CVE-2015-5452 89 Exec Code Sql 2015-07-08 2015-07-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
25 CVE-2015-5432 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
26 CVE-2015-5429 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.
27 CVE-2015-5428 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.
28 CVE-2015-5427 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.
29 CVE-2015-5424 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.
30 CVE-2015-5423 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.
31 CVE-2015-5422 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.
32 CVE-2015-5421 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.
33 CVE-2015-5420 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.
34 CVE-2015-5419 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.
35 CVE-2015-5418 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.
36 CVE-2015-5417 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.
37 CVE-2015-5416 Exec Code 2015-08-24 2015-08-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.
38 CVE-2015-5409 119 DoS Overflow 2015-08-26 2015-08-27
7.5
None Remote Low Single system None Partial Complete
Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
39 CVE-2015-5404 +Info 2015-08-26 2015-08-27
7.5
None Remote Low Not required Partial Partial Partial
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
40 CVE-2015-5402 264 DoS +Priv +Info 2015-08-26 2015-08-27
7.2
None Local Low Not required Complete Complete Complete
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.
41 CVE-2015-5380 119 DoS Overflow Mem. Corr. 2015-07-09 2015-07-09
7.5
None Remote Low Not required Partial Partial Partial
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
42 CVE-2015-5374 19 DoS 2015-07-18 2015-07-21
7.8
None Remote Low Not required None None Complete
The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to cause a denial of service via crafted packets on UDP port 50000.
43 CVE-2015-5368 119 DoS Exec Code Overflow 2015-08-27 2015-08-28
7.8
None Remote Medium Not required None Partial Complete
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.
44 CVE-2015-5359 DoS 2015-07-14 2015-07-16
7.1
None Remote Medium Not required None None Complete
Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values.
45 CVE-2015-5358 399 DoS 2015-07-14 2015-07-17
7.1
None Remote Medium Not required None None Complete
Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.
46 CVE-2015-5353 22 Dir. Trav. 2015-07-01 2015-07-02
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
47 CVE-2015-5166 264 +Priv 2015-08-12 2015-08-17
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
48 CVE-2015-5154 119 Exec Code Overflow 2015-08-12 2015-08-17
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
49 CVE-2015-5148 89 Exec Code Sql 2015-06-30 2015-07-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.
50 CVE-2015-5147 119 DoS Exec Code Overflow 2015-07-14 2015-07-14
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.