CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2015 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-7603 22 Dir. Trav. 2015-09-29 2015-09-30
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
2 CVE-2015-7602 22 Dir. Trav. 2015-09-29 2015-10-13
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
3 CVE-2015-7601 22 Dir. Trav. 2015-09-29 2017-11-06
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
4 CVE-2015-7387 89 Exec Code Sql Bypass 2015-09-28 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO."
5 CVE-2015-7382 89 Exec Code Sql 2015-09-27 2015-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.
6 CVE-2015-7381 94 Exec Code File Inclusion 2015-09-27 2015-09-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008.
7 CVE-2015-7375 20 DoS Exec Code 2015-09-25 2015-09-28
7.5
None Remote Low Not required Partial Partial Partial
Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file.
8 CVE-2015-7374 20 Exec Code 2015-09-25 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649.
9 CVE-2015-7319 89 Exec Code Sql 2015-09-29 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
10 CVE-2015-7303 Exec Code 2015-09-21 2015-09-22
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
11 CVE-2015-7243 119 DoS Exec Code Overflow 2015-09-18 2018-07-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
12 CVE-2015-7239 89 Exec Code Sql 2015-09-18 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
13 CVE-2015-7235 89 Exec Code Sql 2015-09-17 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
14 CVE-2015-7180 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
15 CVE-2015-7179 119 DoS Exec Code Overflow 2015-09-24 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content.
16 CVE-2015-7178 119 DoS Exec Code Overflow Mem. Corr. 2015-09-24 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content.
17 CVE-2015-7177 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
18 CVE-2015-7176 119 DoS Overflow 2015-09-24 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.
19 CVE-2015-7175 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
20 CVE-2015-7174 119 DoS Overflow Mem. Corr. 2015-09-24 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
21 CVE-2015-6962 89 Exec Code Sql 2015-09-17 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
22 CVE-2015-6949 119 Exec Code Overflow 2015-09-15 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.
23 CVE-2015-6947 119 Exec Code Overflow 2015-09-15 2015-09-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the activate_doit function in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter.
24 CVE-2015-6946 119 Exec Code Overflow 2015-09-15 2017-06-21
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality.
25 CVE-2015-6923 +Priv 2015-09-21 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
26 CVE-2015-6915 89 Exec Code Sql 2015-09-11 2015-09-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
27 CVE-2015-6914 22 Dir. Trav. 2015-09-11 2015-09-14
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.
28 CVE-2015-6912 77 Exec Code 2015-09-11 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
29 CVE-2015-6911 89 Exec Code Sql 2015-09-11 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
30 CVE-2015-6910 89 Exec Code Sql 2015-09-11 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
31 CVE-2015-6829 89 Exec Code Sql 2015-09-16 2015-09-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.
32 CVE-2015-6826 20 DoS 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
33 CVE-2015-6825 20 DoS 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.
34 CVE-2015-6824 20 DoS 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.
35 CVE-2015-6823 17 DoS 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
36 CVE-2015-6822 17 DoS 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.
37 CVE-2015-6821 20 DoS 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.
38 CVE-2015-6820 119 DoS Overflow 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.
39 CVE-2015-6819 189 DoS 2015-09-05 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
40 CVE-2015-6818 17 DoS 2015-09-05 2018-12-21
7.5
None Remote Low Not required Partial Partial Partial
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
41 CVE-2015-6812 399 DoS 2015-09-04 2015-09-04
7.8
None Remote Low Not required None None Complete
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.
42 CVE-2015-6811 89 Exec Code Sql 2015-09-04 2015-09-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
43 CVE-2015-6728 352 Bypass CSRF 2015-09-01 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
44 CVE-2015-6682 Exec Code 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584.
45 CVE-2015-6681 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6680.
46 CVE-2015-6680 DoS Exec Code Mem. Corr. 2015-09-08 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681.
47 CVE-2015-6678 119 Exec Code Overflow 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676.
48 CVE-2015-6677 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588.
49 CVE-2015-6676 119 Exec Code Overflow 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6678.
50 CVE-2015-6581 DoS Exec Code Mem. Corr. 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
Total number of vulnerabilities : 209   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.