Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient "Radio security protection," as demonstrated on a 2014 Jeep Cherokee Limited FWD.
Source: MITRE
Max CVSS
8.3
EPSS Score
1.76%
Published
2015-07-21
Updated
2016-12-24
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
Source: MITRE
Max CVSS
4.0
EPSS Score
0.12%
Published
2015-07-21
Updated
2016-11-28
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
Source: Google Inc.
Max CVSS
5.0
EPSS Score
1.92%
Published
2015-07-23
Updated
2018-10-30
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.15%
Published
2015-07-16
Updated
2015-07-21
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.44%
Published
2015-07-16
Updated
2015-07-21
Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.40%
Published
2015-07-16
Updated
2016-12-22
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.
Source: MITRE
Max CVSS
4.8
EPSS Score
0.07%
Published
2015-07-14
Updated
2023-01-30
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.39%
Published
2015-07-14
Updated
2015-07-17
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.44%
Published
2015-07-14
Updated
2015-08-13

CVE-2015-5477

Public exploit
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Source: MITRE
Max CVSS
7.8
EPSS Score
97.27%
Published
2015-07-29
Updated
2017-11-10
The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.
Source: MITRE
Max CVSS
1.3
EPSS Score
0.13%
Published
2015-07-22
Updated
2016-03-31
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
Source: MITRE
Max CVSS
6.4
EPSS Score
0.55%
Published
2015-07-08
Updated
2016-12-07
Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.17%
Published
2015-07-08
Updated
2019-06-25
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.84%
Published
2015-07-08
Updated
2016-12-07
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.
Source: MITRE
Max CVSS
6.8
EPSS Score
2.53%
Published
2015-07-08
Updated
2018-10-09
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
4.36%
Published
2015-07-08
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.41%
Published
2015-07-08
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.12%
Published
2015-07-08
Updated
2015-07-09
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.17%
Published
2015-07-08
Updated
2019-02-26

CVE-2015-5453

Public exploit
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
Source: MITRE
Max CVSS
6.5
EPSS Score
1.85%
Published
2015-07-08
Updated
2016-11-28
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
Source: MITRE
Max CVSS
7.5
EPSS Score
5.40%
Published
2015-07-08
Updated
2016-11-28
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.21%
Published
2015-07-14
Updated
2016-12-07
Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.
Source: MITRE
Max CVSS
9.3
EPSS Score
0.62%
Published
2015-07-16
Updated
2015-07-17
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.75%
Published
2015-07-09
Updated
2016-11-28
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.
Source: MITRE
Max CVSS
7.8
EPSS Score
24.13%
Published
2015-07-18
Updated
2018-03-23
635 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!