Filtered by CWE-264
Total 5449 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-7861 1 Accelerite 1 Radia Client Automation 2024-11-21 N/A
Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling.
CVE-2015-7840 1 Solarwinds 1 Log And Event Manager 2024-11-21 N/A
The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature.
CVE-2015-7835 1 Xen 1 Xen 2024-11-21 N/A
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
CVE-2015-7818 2 Ibm, Lenovo 2 System Networking Switch Center, Switch Center 2024-11-21 N/A
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.
CVE-2015-7809 1 Symfony 1 Twig 2024-11-21 N/A
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
CVE-2015-7792 1 Corega 1 Cg-wlbargs Firmware 2024-11-21 N/A
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
CVE-2015-7788 1 Asus 2 Wl-330nul, Wl-330nul Firmware 2024-11-21 N/A
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2015-7766 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 N/A
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
CVE-2015-7751 1 Juniper 1 Junos 2024-11-21 N/A
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file.
CVE-2015-7717 1 Google 1 Android 2024-11-21 N/A
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
CVE-2015-7709 1 Arkeia 1 Western Digital Arkeia 2024-11-21 N/A
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
CVE-2015-7707 1 Igniterealtime 1 Openfire 2024-11-21 N/A
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
CVE-2015-7685 1 Glpi-project 1 Glpi 2024-11-21 N/A
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.
CVE-2015-7662 6 Adobe, Apple, Google and 3 more 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more 2024-11-21 N/A
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors.
CVE-2015-7600 1 Cisco 1 Vpn Client 2024-11-21 N/A
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
CVE-2015-7598 1 Gemalto 1 Safenet Authentication Service Tokenvalidator Proxy Agent 2024-11-21 N/A
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
CVE-2015-7597 1 Gemalto 1 Safenet Authentication Service Iis Agent 2024-11-21 N/A
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
CVE-2015-7596 1 Gemalto 1 Safenet Authentication Service End User Software Tools For Windows 2024-11-21 N/A
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
CVE-2015-7561 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2024-11-21 N/A
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
CVE-2015-7496 3 Fedoraproject, Gnome, Redhat 3 Fedora, Gnome Display Manager, Enterprise Linux 2024-11-21 N/A
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.