CVE-2015-7603

Public exploit
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
Max CVSS
7.8
EPSS Score
57.66%
Published
2015-09-29
Updated
2015-09-30

CVE-2015-7602

Public exploit
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
Max CVSS
7.8
EPSS Score
50.30%
Published
2015-09-29
Updated
2015-10-13

CVE-2015-7601

Public exploit
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
Max CVSS
7.8
EPSS Score
65.28%
Published
2015-09-29
Updated
2017-11-07

CVE-2015-7387

Public exploit
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
Max CVSS
7.5
EPSS Score
91.13%
Published
2015-09-28
Updated
2020-03-26
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.
Max CVSS
7.5
EPSS Score
0.10%
Published
2015-09-28
Updated
2015-09-29
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008.
Max CVSS
7.5
EPSS Score
0.60%
Published
2015-09-28
Updated
2015-09-29
Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file.
Max CVSS
7.5
EPSS Score
1.00%
Published
2015-09-25
Updated
2015-09-29
The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649.
Max CVSS
7.5
EPSS Score
7.27%
Published
2015-09-25
Updated
2016-12-08
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-09-29
Updated
2018-10-09
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
Max CVSS
10.0
EPSS Score
0.46%
Published
2015-09-21
Updated
2015-09-23

CVE-2015-7243

Public exploit
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
Max CVSS
7.5
EPSS Score
79.38%
Published
2015-09-18
Updated
2018-07-06
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2015-09-18
Updated
2018-12-10
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-09-17
Updated
2016-12-22
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
6.58%
Published
2015-09-24
Updated
2016-12-22
The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.
Max CVSS
7.5
EPSS Score
8.20%
Published
2015-09-24
Updated
2016-12-22
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.
Max CVSS
7.5
EPSS Score
7.71%
Published
2015-09-24
Updated
2016-12-22
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
6.58%
Published
2015-09-24
Updated
2016-12-22
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
7.20%
Published
2015-09-24
Updated
2016-12-22
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
Max CVSS
7.5
EPSS Score
6.58%
Published
2015-09-24
Updated
2016-12-22
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
Max CVSS
7.5
EPSS Score
6.58%
Published
2015-09-24
Updated
2016-12-22
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
Max CVSS
7.5
EPSS Score
0.15%
Published
2015-09-17
Updated
2016-12-22
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.
Max CVSS
9.3
EPSS Score
22.72%
Published
2015-09-15
Updated
2016-12-22
Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality.
Max CVSS
9.3
EPSS Score
95.65%
Published
2015-09-15
Updated
2019-06-26
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
Max CVSS
7.2
EPSS Score
0.06%
Published
2015-09-21
Updated
2018-10-09
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2015-09-11
Updated
2015-09-14
183 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!