CVE-2015-7603

Public exploit
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
Max CVSS
7.8
EPSS Score
57.66%
Published
2015-09-29
Updated
2015-09-30

CVE-2015-7602

Public exploit
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
Max CVSS
7.8
EPSS Score
50.30%
Published
2015-09-29
Updated
2015-10-13

CVE-2015-7601

Public exploit
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
Max CVSS
7.8
EPSS Score
65.28%
Published
2015-09-29
Updated
2017-11-07

CVE-2015-7387

Public exploit
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
Max CVSS
7.5
EPSS Score
91.13%
Published
2015-09-28
Updated
2020-03-26

CVE-2015-7309

Public exploit
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
Max CVSS
6.5
EPSS Score
45.40%
Published
2015-09-22
Updated
2021-01-04

CVE-2015-7243

Public exploit
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
Max CVSS
7.5
EPSS Score
79.38%
Published
2015-09-18
Updated
2018-07-06

CVE-2015-6967

Public exploit
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
Max CVSS
6.5
EPSS Score
33.40%
Published
2015-09-16
Updated
2015-09-17

CVE-2015-5603

Public exploit
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
Max CVSS
6.5
EPSS Score
61.61%
Published
2015-09-21
Updated
2018-10-09

CVE-2015-5082

Public exploit
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
Max CVSS
10.0
EPSS Score
96.48%
Published
2015-09-28
Updated
2016-12-08

CVE-2015-2509

Public exploit
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
Max CVSS
9.3
EPSS Score
97.35%
Published
2015-09-09
Updated
2019-05-15
10 vulnerabilities found