Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5074 |
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. Published: September 29, 2015; 3:59:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-6279 |
The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400. Published: September 27, 2015; 10:59:11 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-6278 |
The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794. Published: September 27, 2015; 10:59:09 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-6282 |
Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933. Published: September 25, 2015; 9:59:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-7375 |
Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file. Published: September 25, 2015; 10:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-7374 |
The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649. Published: September 25, 2015; 10:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-5568 |
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. Published: September 22, 2015; 6:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-2917 |
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Published: September 21, 2015; 6:59:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-6300 |
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. Published: September 20, 2015; 10:59:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-4638 |
The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet. Published: September 18, 2015; 10:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5879 |
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. Published: September 18, 2015; 8:00:18 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5869 |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. Published: September 18, 2015; 8:00:15 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.3 LOW |
CVE-2015-5837 |
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. Published: September 18, 2015; 6:59:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5820 |
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. Published: September 18, 2015; 6:59:39 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5767 |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. Published: September 18, 2015; 6:59:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5765 |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. Published: September 18, 2015; 6:59:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5764 |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. Published: September 18, 2015; 6:59:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-7234 |
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. Published: September 17, 2015; 12:59:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-7231 |
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb." Published: September 17, 2015; 12:59:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1319 |
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. Published: September 17, 2015; 12:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |