Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5715 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. | ||||
CVE-2015-5633 | 1 Newphoria Corporation | 1 Auction Camera | 2024-08-06 | N/A |
The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
CVE-2015-5692 | 1 Symantec | 1 Web Gateway | 2024-08-06 | N/A |
admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | ||||
CVE-2015-5699 | 1 Cumulusnetworks | 1 Cumulus Linux | 2024-08-06 | N/A |
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | ||||
CVE-2015-5682 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2024-08-06 | N/A |
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. | ||||
CVE-2015-5675 | 1 Freebsd | 1 Freebsd | 2024-08-06 | N/A |
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | ||||
CVE-2015-5637 | 1 Newphoria Corporation | 1 1.1 | 2024-08-06 | N/A |
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
CVE-2015-5640 | 1 Basercms | 1 Basercms | 2024-08-06 | N/A |
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | ||||
CVE-2015-5636 | 1 Newphoria Corporation | 1 Reversi | 2024-08-06 | N/A |
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
CVE-2015-5663 | 1 Rarlab | 1 Winrar | 2024-08-06 | N/A |
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | ||||
CVE-2015-5634 | 1 Newphoria Corporation | 1 Megaphone Music | 2024-08-06 | N/A |
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
CVE-2015-5635 | 1 Newphoria Corporation | 1 Koritore | 2024-08-06 | N/A |
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
CVE-2015-5632 | 1 Newphoria Corporation | 1 Applican | 2024-08-06 | N/A |
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
CVE-2015-5618 | 1 Chiyutw | 2 Bf-630, Bf-630w | 2024-08-06 | N/A |
Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871. | ||||
CVE-2015-5629 | 1 Ntt-bp | 1 Japan Connected-free Wi-fi | 2024-08-06 | N/A |
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
CVE-2015-5600 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-08-06 | N/A |
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. | ||||
CVE-2015-5602 | 1 Sudo Project | 1 Sudo | 2024-08-06 | N/A |
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." | ||||
CVE-2015-5511 | 1 Hybridauth Social Login Project | 1 Hybridauth Social Login | 2024-08-06 | N/A |
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login. | ||||
CVE-2015-5536 | 1 Belkin | 2 N300 Dual-band Wi-fi Range Extender, N300 Dual-band Wi-fi Range Extender Firmware | 2024-08-06 | N/A |
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request. | ||||
CVE-2015-5499 | 1 Navigate Project | 1 Navigate | 2024-08-06 | N/A |
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. |