CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8001 CVE-2015-6523 352 CSRF 2015-08-19 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.
8002 CVE-2015-6517 352 CSRF 2015-08-18 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.
8003 CVE-2015-6516 89 Exec Code Sql 2015-08-18 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.
8004 CVE-2015-6493 352 CSRF 2015-10-28 2015-10-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
8005 CVE-2015-6486 89 Exec Code Sql 2015-10-28 2015-10-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
8006 CVE-2015-6478 284 2015-11-12 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
8007 CVE-2015-6468 352 CSRF 2015-09-25 2015-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
8008 CVE-2015-6465 DoS 2015-09-11 2016-12-21
6.8
None Remote Low Single system None None Complete
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.
8009 CVE-2015-6458 119 Exec Code Overflow 2019-03-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
8010 CVE-2015-6457 119 Exec Code Overflow 2019-03-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
8011 CVE-2015-6431 399 DoS 2015-12-22 2016-12-07
6.1
None Local Network Low Not required None None Complete
Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.
8012 CVE-2015-6419 200 +Info 2015-12-12 2016-11-28
6.8
None Remote Low Single system Complete None None
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.
8013 CVE-2015-6417 264 2015-12-12 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
8014 CVE-2015-6408 352 CSRF 2015-12-12 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.
8015 CVE-2015-6405 352 CSRF 2015-12-12 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
8016 CVE-2015-6399 399 DoS 2015-12-15 2017-07-07
6.8
None Remote Low Single system None None Complete
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.
8017 CVE-2015-6395 264 2015-12-12 2017-09-12
6.5
None Remote Low Single system Partial Partial Partial
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188.
8018 CVE-2015-6380 78 Exec Code 2015-11-23 2015-11-24
6.5
None Remote Low Single system Partial Partial Partial
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.
8019 CVE-2015-6379 399 DoS 2015-11-24 2017-09-13
6.8
None Remote Low Single system None None Complete
The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223.
8020 CVE-2015-6378 352 CSRF 2015-12-13 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.
8021 CVE-2015-6376 352 CSRF 2015-11-21 2015-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412.
8022 CVE-2015-6373 352 CSRF 2015-11-18 2015-11-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611.
8023 CVE-2015-6361 20 Exec Code 2015-12-12 2015-12-14
6.5
None Remote Low Single system Partial Partial Partial
The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.
8024 CVE-2015-6359 119 DoS Overflow 2015-12-15 2016-12-07
6.1
None Local Network Low Not required None None Complete
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217.
8025 CVE-2015-6357 20 Exec Code 2015-11-18 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
8026 CVE-2015-6350 89 Exec Code Sql 2015-10-30 2016-12-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
8027 CVE-2015-6345 89 Exec Code Sql 2015-10-30 2016-12-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
8028 CVE-2015-6331 89 Exec Code Sql 2015-10-12 2016-12-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887.
8029 CVE-2015-6330 352 CSRF 2015-11-18 2015-11-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.
8030 CVE-2015-6329 89 Exec Code Sql 2015-10-12 2016-12-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.
8031 CVE-2015-6328 200 Bypass +Info 2015-10-12 2016-12-09
6.8
None Remote Low Single system Complete None None
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380.
8032 CVE-2015-6322 264 Bypass 2015-10-12 2016-12-12
6.6
None Local Low Not required None Complete Complete
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.
8033 CVE-2015-6318 20 2015-10-12 2017-01-04
6.9
None Local Medium Not required Complete Complete Complete
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.
8034 CVE-2015-6317 284 Bypass 2016-01-23 2016-12-07
6.8
None Remote Low Single system None Complete None
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
8035 CVE-2015-6316 255 2015-11-06 2017-01-06
6.5
None Remote Low Single system Partial Partial Partial
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
8036 CVE-2015-6311 399 DoS 2015-10-08 2017-01-04
6.1
None Local Network Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.
8037 CVE-2015-6309 399 DoS 2015-10-02 2018-10-30
6.8
None Remote Low Single system None None Complete
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
8038 CVE-2015-6307 399 DoS 2015-09-27 2015-09-29
6.1
None Local Network Low Not required None None Complete
Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871.
8039 CVE-2015-6304 352 CSRF 2015-09-24 2016-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.
8040 CVE-2015-6299 89 Exec Code Sql 2015-09-20 2016-12-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.
8041 CVE-2015-6294 399 DoS 2015-09-18 2016-12-29
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
8042 CVE-2015-6285 134 DoS 2015-09-13 2017-01-04
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
8043 CVE-2015-6277 399 DoS 2015-09-02 2017-09-19
6.1
None Local Network Low Not required None None Complete
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.
8044 CVE-2015-6263 399 DoS 2015-10-11 2017-01-04
6.3
None Remote Medium Single system None None Complete
The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.
8045 CVE-2015-6262 352 CSRF 2015-08-24 2019-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.
8046 CVE-2015-6254 17 2015-08-17 2015-08-19
6.0
None Remote Medium Single system Partial Partial Partial
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
8047 CVE-2015-6170 264 +Priv 2015-12-09 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability."
8048 CVE-2015-6164 20 XSS Bypass 2015-12-09 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, aka "Internet Explorer XSS Filter Bypass Vulnerability."
8049 CVE-2015-6111 399 DoS 2015-11-11 2019-05-15
6.8
None Remote Low Single system None None Complete
IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles encryption negotiation, which allows remote authenticated users to cause a denial of service (system hang) via crafted IP traffic, aka "Windows IPSec Denial of Service Vulnerability."
8050 CVE-2015-6101 264 +Priv 2015-11-11 2019-05-15
6.9
None Local Medium Not required Complete Complete Complete
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.