CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2015-6303 200 +Info 2015-09-24 2015-09-24
4.3
None Remote Medium Not required Partial None None
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.
152 CVE-2015-6302 399 2015-09-25 2016-12-12
5.0
None Remote Low Not required None None Partial
The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.
153 CVE-2015-6301 399 DoS 2015-09-20 2016-12-29
5.0
None Remote Low Not required None None Partial
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.
154 CVE-2015-6300 20 DoS 2015-09-20 2016-12-29
4.0
None Remote Low Single system None None Partial
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
155 CVE-2015-6299 89 Exec Code Sql 2015-09-20 2016-12-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.
156 CVE-2015-6297 399 DoS 2015-09-18 2016-12-29
5.0
None Remote Low Not required None None Partial
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.
157 CVE-2015-6296 264 2015-09-18 2016-12-29
7.2
None Local Low Not required Complete Complete Complete
Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825.
158 CVE-2015-6295 399 DoS 2015-09-20 2016-12-29
4.8
None Local Network Low Not required Partial None Partial
Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560.
159 CVE-2015-6294 399 DoS 2015-09-18 2016-12-29
6.1
None Local Network Low Not required None None Complete
Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.
160 CVE-2015-6290 119 DoS Overflow 2015-09-13 2016-12-29
4.3
None Remote Medium Not required None None Partial
Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.
161 CVE-2015-6288 399 DoS 2015-09-13 2016-12-29
5.0
None Remote Low Not required None None Partial
Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620.
162 CVE-2015-6287 399 DoS 2015-09-13 2016-12-29
5.0
None Remote Low Not required None None Partial
Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.
163 CVE-2015-6286 399 DoS 2015-09-13 2015-09-14
5.7
None Local Network Medium Not required None None Complete
Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016.
164 CVE-2015-6285 134 DoS 2015-09-13 2017-01-04
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
165 CVE-2015-6284 119 DoS Overflow 2015-09-20 2016-12-29
7.8
None Remote Low Not required None None Complete
Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277.
166 CVE-2015-6282 20 DoS 2015-09-25 2017-01-04
7.8
None Remote Low Not required None None Complete
Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.
167 CVE-2015-6280 287 2015-09-27 2017-01-04
9.3
None Remote Medium Not required Complete Complete Complete
The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.
168 CVE-2015-6279 20 DoS 2015-09-27 2016-12-12
7.8
None Remote Low Not required None None Complete
The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400.
169 CVE-2015-6278 20 DoS 2015-09-27 2017-01-04
7.8
None Remote Low Not required None None Complete
The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794.
170 CVE-2015-6277 399 DoS 2015-09-02 2017-09-19
6.1
None Local Network Low Not required None None Complete
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.
171 CVE-2015-6276 200 +Info 2015-09-04 2016-12-29
5.0
None Remote Low Not required Partial None None
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID CSCuu63501.
172 CVE-2015-6274 119 DoS Overflow 2015-09-02 2017-09-19
5.0
None Remote Low Not required None None Partial
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.
173 CVE-2015-6259 20 2015-09-03 2016-12-29
9.4
None Remote Low Not required None Complete Complete
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
174 CVE-2015-6238 79 XSS 2015-09-21 2015-09-23
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.
175 CVE-2015-6012 2015-09-27 2015-09-28
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter.
176 CVE-2015-6011 2015-09-27 2015-09-28
5.0
None Remote Low Not required None Partial None
Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.
177 CVE-2015-6010 79 XSS 2015-09-27 2015-09-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php.
178 CVE-2015-6009 89 Exec Code Sql 2015-09-27 2017-09-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
179 CVE-2015-6008 78 Exec Code 2015-09-27 2017-09-15
7.5
None Remote Low Not required Partial Partial Partial
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
180 CVE-2015-6007 352 CSRF 2015-09-27 2015-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users.
181 CVE-2015-5998 287 Exec Code 2015-09-14 2015-09-16
10.0
None Remote Low Not required Complete Complete Complete
Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command.
182 CVE-2015-5997 2015-09-14 2015-09-16
7.8
None Remote Low Not required Complete None None
Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data.
183 CVE-2015-5993 119 DoS Overflow 2015-09-21 2015-09-21
7.8
None Remote Low Not required None None Complete
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service (device outage) via a long ipaddr parameter.
184 CVE-2015-5992 79 XSS 2015-09-21 2015-09-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter.
185 CVE-2015-5991 352 CSRF 2015-09-21 2015-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings.
186 CVE-2015-5986 20 DoS 2015-09-04 2016-12-30
7.1
None Remote Medium Not required None None Complete
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
187 CVE-2015-5957 119 Overflow 2015-09-28 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name.
188 CVE-2015-5956 79 XSS Bypass 2015-09-16 2018-10-09
3.5
None Remote Medium Single system None Partial None
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.
189 CVE-2015-5950 119 Overflow +Priv 2015-09-29 2016-12-07
6.9
None Local Medium Not required Complete Complete Complete
The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.
190 CVE-2015-5921 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
191 CVE-2015-5920 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
192 CVE-2015-5916 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.
193 CVE-2015-5912 17 2015-09-18 2018-10-09
5.0
None Remote Low Not required None Partial None
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
194 CVE-2015-5911 2015-09-18 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.
195 CVE-2015-5910 200 +Info 2015-09-18 2016-12-21
3.3
None Local Network Low Not required Partial None None
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
196 CVE-2015-5909 200 +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.
197 CVE-2015-5907 310 2015-09-18 2016-12-21
2.6
None Remote High Not required None Partial None
WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.
198 CVE-2015-5906 200 +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.
199 CVE-2015-5905 254 2015-09-18 2016-12-21
5.0
None Remote Low Not required None Partial None
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
200 CVE-2015-5904 254 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.
Total number of vulnerabilities : 525   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.