CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
6251 CVE-2015-5792 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
6252 CVE-2015-5791 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
6253 CVE-2015-5790 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
6254 CVE-2015-5789 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
6255 CVE-2015-5786 119 DoS Exec Code Overflow Mem. Corr. 2015-08-24 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.
6256 CVE-2015-5785 119 DoS Exec Code Overflow Mem. Corr. 2015-08-24 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.
6257 CVE-2015-5778 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
6258 CVE-2015-5777 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
6259 CVE-2015-5773 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
6260 CVE-2015-5772 119 Exec Code Overflow 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
6261 CVE-2015-5771 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.
6262 CVE-2015-5761 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
6263 CVE-2015-5758 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
6264 CVE-2015-5756 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
6265 CVE-2015-5755 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
6266 CVE-2015-5753 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779.
6267 CVE-2015-5751 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5753, and CVE-2015-5779.
6268 CVE-2015-5731 352 DoS CSRF 2015-11-09 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.
6269 CVE-2015-5703 89 Exec Code Sql 2015-09-28 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
6270 CVE-2015-5689 119 DoS Exec Code Overflow +Info 2015-09-20 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.
6271 CVE-2015-5673 78 Exec Code 2015-11-03 2015-11-04
6.5
None Remote Low Single system Partial Partial Partial
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
6272 CVE-2015-5669 Exec Code 2015-10-29 2015-10-30
6.5
None Remote Low Single system Partial Partial Partial
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.
6273 CVE-2015-5662 22 Dir. Trav. 2015-10-18 2016-12-07
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
6274 CVE-2015-5659 89 Exec Code Sql 2015-10-10 2015-10-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
6275 CVE-2015-5648 89 Exec Code Sql 2015-10-10 2015-10-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
6276 CVE-2015-5645 264 2015-10-05 2015-10-07
6.5
None Remote Low Single system Partial Partial Partial
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors.
6277 CVE-2015-5644 94 Exec Code 2015-10-05 2015-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
6278 CVE-2015-5643 94 Exec Code 2015-10-05 2015-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
6279 CVE-2015-5642 89 Exec Code Sql 2015-10-05 2015-10-07
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
6280 CVE-2015-5641 89 Exec Code Sql 2015-10-05 2015-10-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
6281 CVE-2015-5640 264 2015-10-05 2015-10-06
6.5
None Remote Low Single system Partial Partial Partial
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.
6282 CVE-2015-5637 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
6283 CVE-2015-5636 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
6284 CVE-2015-5635 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
6285 CVE-2015-5634 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
6286 CVE-2015-5633 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
6287 CVE-2015-5632 264 Bypass 2015-09-20 2015-09-23
6.8
None Remote Medium Not required Partial Partial Partial
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors.
6288 CVE-2015-5631 352 CSRF 2015-09-11 2015-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators.
6289 CVE-2015-5629 264 Bypass 2015-09-11 2015-10-29
6.8
None Remote Medium Not required Partial Partial Partial
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors.
6290 CVE-2015-5624 119 Exec Code Overflow 2015-09-07 2015-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued "Click to Live" service.
6291 CVE-2015-5609 22 Dir. Trav. 2017-05-23 2017-06-08
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.
6292 CVE-2015-5607 352 CSRF 2017-09-20 2017-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery in the REST API in IPython 2 and 3.
6293 CVE-2015-5603 94 Exec Code 2015-09-21 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
6294 CVE-2015-5534 352 XSS CSRF 2015-11-02 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
6295 CVE-2015-5533 89 Exec Code Sql CSRF 2017-10-23 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
6296 CVE-2015-5530 352 CSRF 2015-07-16 2015-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/.
6297 CVE-2015-5522 119 DoS Overflow 2015-08-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
6298 CVE-2015-5509 264 Bypass 2015-08-18 2016-11-28
6.0
None Remote Medium Single system Partial Partial Partial
The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors.
6299 CVE-2015-5505 17 2015-08-18 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.
6300 CVE-2015-5461 2015-07-08 2016-12-07
6.4
None Remote Low Not required Partial Partial None
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.