Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-4276 |
Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. Published: July 16, 2015; 3:59:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2015-4266 |
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. Published: July 16, 2015; 3:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-3621 |
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. Published: July 16, 2015; 10:59:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-5091 |
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data. Published: July 15, 2015; 10:59:21 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-4273 |
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. Published: July 15, 2015; 10:59:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2417 |
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416. Published: July 14, 2015; 6:59:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2416 |
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417. Published: July 14, 2015; 6:59:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2412 |
Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." Published: July 14, 2015; 5:59:30 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5144 |
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. Published: July 14, 2015; 1:59:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5457 |
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php. Published: July 08, 2015; 11:59:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-4648 |
Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. Published: July 06, 2015; 10:59:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-2727 |
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression. Published: July 05, 2015; 10:00:58 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-0543 |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: July 05, 2015; 6:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-2964 |
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header. Published: July 04, 2015; 9:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0548 |
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. Published: July 04, 2015; 6:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-0547 |
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. Published: July 04, 2015; 6:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-3726 |
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. Published: July 02, 2015; 10:00:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-3204 |
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK. Published: July 01, 2015; 10:59:08 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1942 |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port. Published: June 30, 2015; 11:59:08 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-3237 |
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. Published: June 22, 2015; 3:59:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |