CVE-2015-8660

Public exploit
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
Max CVSS
7.2
EPSS Score
0.12%
Published
2015-12-28
Updated
2023-06-07

CVE-2015-8562

Public exploit
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Max CVSS
7.5
EPSS Score
97.31%
Published
2015-12-16
Updated
2018-10-09

CVE-2015-8103

Public exploit
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Max CVSS
9.8
EPSS Score
79.49%
Published
2015-11-25
Updated
2024-01-09

CVE-2015-7858

Public exploit
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
Max CVSS
7.5
EPSS Score
84.85%
Published
2015-10-29
Updated
2017-09-13

CVE-2015-7857

Public exploit
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
Max CVSS
7.5
EPSS Score
84.85%
Published
2015-10-29
Updated
2017-09-13

CVE-2015-7808

Public exploit
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
Max CVSS
7.5
EPSS Score
74.24%
Published
2015-11-24
Updated
2015-11-25

CVE-2015-7768

Public exploit
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
Max CVSS
7.5
EPSS Score
76.30%
Published
2015-10-09
Updated
2017-09-10

CVE-2015-7766

Public exploit
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Max CVSS
9.0
EPSS Score
10.73%
Published
2015-10-09
Updated
2015-10-09

CVE-2015-7765

Public exploit
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Max CVSS
9.0
EPSS Score
71.48%
Published
2015-10-09
Updated
2015-10-09

CVE-2015-7755

Public exploit
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
Max CVSS
10.0
EPSS Score
97.05%
Published
2015-12-19
Updated
2016-12-07

CVE-2015-7709

Public exploit
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
Max CVSS
10.0
EPSS Score
77.67%
Published
2015-10-05
Updated
2015-10-06

CVE-2015-7603

Public exploit
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
Max CVSS
7.8
EPSS Score
57.66%
Published
2015-09-29
Updated
2015-09-30

CVE-2015-7602

Public exploit
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
Max CVSS
7.8
EPSS Score
50.30%
Published
2015-09-29
Updated
2015-10-13

CVE-2015-7601

Public exploit
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
Max CVSS
7.8
EPSS Score
65.28%
Published
2015-09-29
Updated
2017-11-07

CVE-2015-7387

Public exploit
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
Max CVSS
7.5
EPSS Score
91.13%
Published
2015-09-28
Updated
2020-03-26

CVE-2015-7309

Public exploit
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
Max CVSS
6.5
EPSS Score
45.40%
Published
2015-09-22
Updated
2021-01-04

CVE-2015-7297

Public exploit
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
Max CVSS
7.5
EPSS Score
97.56%
Published
2015-10-29
Updated
2017-09-13

CVE-2015-7243

Public exploit
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
Max CVSS
7.5
EPSS Score
79.38%
Published
2015-09-18
Updated
2018-07-06

CVE-2015-7007

Public exploit
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
Max CVSS
7.5
EPSS Score
97.29%
Published
2015-10-23
Updated
2016-12-24

CVE-2015-6967

Public exploit
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
Max CVSS
6.5
EPSS Score
33.40%
Published
2015-09-16
Updated
2015-09-17

CVE-2015-6522

Public exploit
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
Max CVSS
7.5
EPSS Score
97.06%
Published
2015-08-19
Updated
2016-12-09

CVE-2015-6133

Public exploit
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Max CVSS
7.2
EPSS Score
78.70%
Published
2015-12-09
Updated
2019-05-15

CVE-2015-6132

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Max CVSS
7.2
EPSS Score
96.25%
Published
2015-12-09
Updated
2019-05-15

CVE-2015-6128

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Max CVSS
7.2
EPSS Score
75.87%
Published
2015-12-09
Updated
2018-10-12

CVE-2015-6127

Public exploit
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."
Max CVSS
4.3
EPSS Score
85.69%
Published
2015-12-09
Updated
2019-05-15
123 vulnerabilities found