CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7501 CVE-2015-5792 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
7502 CVE-2015-5791 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
7503 CVE-2015-5790 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
7504 CVE-2015-5789 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
7505 CVE-2015-5786 119 DoS Exec Code Overflow Mem. Corr. 2015-08-24 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.
7506 CVE-2015-5785 119 DoS Exec Code Overflow Mem. Corr. 2015-08-24 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.
7507 CVE-2015-5778 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
7508 CVE-2015-5777 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
7509 CVE-2015-5773 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
7510 CVE-2015-5772 119 Exec Code Overflow 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
7511 CVE-2015-5771 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.
7512 CVE-2015-5761 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
7513 CVE-2015-5758 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
7514 CVE-2015-5756 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
7515 CVE-2015-5755 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
7516 CVE-2015-5753 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779.
7517 CVE-2015-5751 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5753, and CVE-2015-5779.
7518 CVE-2015-5731 352 DoS CSRF 2015-11-09 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
7519 CVE-2015-5703 89 Exec Code Sql 2015-09-28 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
7520 CVE-2015-5689 119 DoS Exec Code Overflow +Info 2015-09-20 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.
7521 CVE-2015-5673 78 Exec Code 2015-11-03 2015-11-04
6.5
None Remote Low Single system Partial Partial Partial
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
7522 CVE-2015-5669 Exec Code 2015-10-29 2015-10-30
6.5
None Remote Low Single system Partial Partial Partial
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.
7523 CVE-2015-5662 22 Dir. Trav. 2015-10-18 2016-12-07
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
7524 CVE-2015-5659 89 Exec Code Sql 2015-10-10 2015-10-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
7525 CVE-2015-5648 89 Exec Code Sql 2015-10-10 2015-10-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
7526 CVE-2015-5645 264 2015-10-05 2015-10-07
6.5
None Remote Low Single system Partial Partial Partial
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors.
7527 CVE-2015-5644 94 Exec Code 2015-10-05 2015-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
7528 CVE-2015-5643 94 Exec Code 2015-10-05 2015-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
7529 CVE-2015-5642 89 Exec Code Sql 2015-10-05 2015-10-07
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
7530 CVE-2015-5641 89 Exec Code Sql 2015-10-05 2015-10-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
7531 CVE-2015-5640 264 2015-10-05 2015-10-06
6.5
None Remote Low Single system Partial Partial Partial
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.
7532 CVE-2015-5637 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
7533 CVE-2015-5636 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
7534 CVE-2015-5635 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
7535 CVE-2015-5634 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
7536 CVE-2015-5633 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
7537 CVE-2015-5632 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors.
7538 CVE-2015-5631 352 CSRF 2015-09-11 2015-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators.
7539 CVE-2015-5629 264 Bypass 2015-09-11 2015-10-29
6.8
None Remote Medium Not required Partial Partial Partial
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
7540 CVE-2015-5624 119 Exec Code Overflow 2015-09-07 2015-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued "Click to Live" service.
7541 CVE-2015-5609 22 Dir. Trav. 2017-05-23 2017-06-08
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.
7542 CVE-2015-5607 352 CSRF 2017-09-20 2017-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery in the REST API in IPython 2 and 3.
7543 CVE-2015-5603 94 Exec Code 2015-09-21 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
7544 CVE-2015-5601 434 Exec Code 2019-07-29 2019-07-31
6.5
None Remote Low Single system Partial Partial Partial
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
7545 CVE-2015-5534 352 XSS CSRF 2015-11-02 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
7546 CVE-2015-5533 89 Exec Code Sql CSRF 2017-10-23 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
7547 CVE-2015-5530 352 CSRF 2015-07-16 2015-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/.
7548 CVE-2015-5522 119 DoS Overflow 2015-08-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
7549 CVE-2015-5509 264 Bypass 2015-08-18 2016-11-28
6.0
None Remote Medium Single system Partial Partial Partial
The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors.
7550 CVE-2015-5505 17 2015-08-18 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.