CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12901 CVE-2015-7342 89 Sql 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
12902 CVE-2015-7341 434 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
12903 CVE-2015-7340 89 Sql 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.
12904 CVE-2015-7339 434 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.
12905 CVE-2015-7338 89 Sql 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
12906 CVE-2015-7337 20 Exec Code 2015-09-29 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
12907 CVE-2015-7335 362 Exec Code 2020-03-27 2020-03-30
6.9
None Local Medium Not required Complete Complete Complete
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
12908 CVE-2015-7330 254 Bypass 2016-04-11 2018-05-24
6.5
None Remote Low ??? Partial Partial Partial
Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
12909 CVE-2015-7310 78 Exec Code 2015-09-22 2016-12-08
6.5
None Remote Low ??? Partial Partial Partial
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.
12910 CVE-2015-7309 74 Exec Code 2015-09-22 2021-01-04
6.5
None Remote Low ??? Partial Partial Partial
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
12911 CVE-2015-7293 352 CSRF 2017-09-25 2017-10-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
12912 CVE-2015-7291 352 CSRF 2015-11-21 2015-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users.
12913 CVE-2015-7286 310 2015-11-25 2015-11-27
6.4
None Remote Low Not required Partial Partial None
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic.
12914 CVE-2015-7284 352 CSRF 2015-12-31 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.
12915 CVE-2015-7281 352 CSRF 2015-12-31 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
12916 CVE-2015-7278 352 CSRF 2015-12-31 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.
12917 CVE-2015-7274 264 Exec Code 2017-04-10 2017-04-14
6.5
None Remote Low ??? Partial Partial Partial
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.
12918 CVE-2015-7249 264 Bypass 2015-12-30 2017-09-13
6.8
None Remote Low ??? None Complete None
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
12919 CVE-2015-7222 189 DoS Exec Code Overflow 2015-12-16 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
12920 CVE-2015-7216 20 DoS 2015-12-16 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image.
12921 CVE-2015-7213 189 Exec Code Overflow 2015-12-16 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
12922 CVE-2015-7204 17 Exec Code 2015-12-16 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
12923 CVE-2015-7196 17 DoS Exec Code 2015-11-05 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
12924 CVE-2015-7189 119 DoS Exec Code Overflow 2015-11-05 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.
12925 CVE-2015-7184 284 Bypass 2015-10-18 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
12926 CVE-2015-7117 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7092.
12927 CVE-2015-7110 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-13
6.9
None Local Medium Not required Complete Complete Complete
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
12928 CVE-2015-7107 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-13
6.8
None Remote Medium Not required Partial Partial Partial
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
12929 CVE-2015-7105 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
12930 CVE-2015-7104 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
12931 CVE-2015-7103 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.
12932 CVE-2015-7102 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.
12933 CVE-2015-7101 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103.
12934 CVE-2015-7100 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
12935 CVE-2015-7099 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
12936 CVE-2015-7098 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
12937 CVE-2015-7097 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
12938 CVE-2015-7096 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
12939 CVE-2015-7095 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
12940 CVE-2015-7092 119 DoS Exec Code Overflow 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117.
12941 CVE-2015-7091 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7092, and CVE-2015-7117.
12942 CVE-2015-7090 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
12943 CVE-2015-7089 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
12944 CVE-2015-7088 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
12945 CVE-2015-7087 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
12946 CVE-2015-7086 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
12947 CVE-2015-7085 119 DoS Exec Code Overflow Mem. Corr. 2016-01-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
12948 CVE-2015-7075 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
12949 CVE-2015-7074 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
12950 CVE-2015-7073 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.