CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2015 (CVSS score >= 5)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2015-8030 119 Exec Code Overflow 2015-10-30 2015-11-02
6.8
None Remote Medium Not required Partial Partial Partial
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.
2 CVE-2015-8029 119 Exec Code Overflow Mem. Corr. 2015-10-30 2015-11-02
6.8
None Remote Medium Not required Partial Partial Partial
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
3 CVE-2015-8028 119 Exec Code Overflow 2015-10-30 2015-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.
4 CVE-2015-7986 119 DoS Exec Code Overflow Mem. Corr. 2015-10-27 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security Note 2197428.
5 CVE-2015-7904 Exec Code 2015-10-28 2015-10-28
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
6 CVE-2015-7903 89 Exec Code Sql 2015-10-28 2015-10-28
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
7 CVE-2015-7902 200 +Info 2015-10-28 2015-10-28
5.0
None Remote Low Not required Partial None None
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.
8 CVE-2015-7901 78 Exec Code 2015-10-28 2017-09-16
6.5
None Remote Low ??? Partial Partial Partial
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
9 CVE-2015-7899 284 +Info 2015-10-29 2015-10-30
5.0
None Remote Low Not required Partial None None
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
10 CVE-2015-7876 89 Exec Code Sql 2015-10-21 2016-06-01
7.5
None Remote Low Not required Partial Partial Partial
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function.
11 CVE-2015-7873 254 2015-10-28 2016-12-07
5.0
None Remote Low Not required None Partial None
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
12 CVE-2015-7863 254 Bypass 2015-10-19 2016-12-24
5.0
None Remote Low Not required None Partial None
The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
13 CVE-2015-7862 264 2015-10-19 2016-12-24
5.0
None Remote Low Not required None Partial None
Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors.
14 CVE-2015-7861 264 Exec Code 2015-10-19 2016-12-24
10.0
None Remote Low Not required Complete Complete Complete
Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling.
15 CVE-2015-7860 119 Exec Code Overflow 2015-10-19 2016-12-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling.
16 CVE-2015-7859 200 +Info 2015-10-29 2015-10-30
5.0
None Remote Low Not required Partial None None
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
17 CVE-2015-7858 89 Exec Code Sql 2015-10-29 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
18 CVE-2015-7857 89 Exec Code Sql 2015-10-29 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
19 CVE-2015-7856 255 2015-10-16 2015-10-19
10.0
None Remote Low Not required Complete Complete Complete
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
20 CVE-2015-7840 264 Exec Code 2015-10-15 2016-12-03
7.5
None Remote Low Not required Partial Partial Partial
The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature.
21 CVE-2015-7839 77 Exec Code 2015-10-15 2015-10-16
7.5
None Remote Low Not required Partial Partial Partial
SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.
22 CVE-2015-7838 20 2015-10-15 2015-10-16
10.0
None Remote Low Not required Complete Complete Complete
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.
23 CVE-2015-7835 264 +Priv 2015-10-30 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
24 CVE-2015-7834 DoS 2015-10-15 2016-12-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
25 CVE-2015-7823 2015-10-21 2015-10-23
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.
26 CVE-2015-7822 79 XSS 2015-10-21 2015-10-22
5.0
None Remote Low Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.
27 CVE-2015-7768 119 Exec Code Overflow 2015-10-09 2017-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
28 CVE-2015-7767 119 DoS Exec Code Overflow 2015-10-09 2015-10-09
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.
29 CVE-2015-7766 264 Bypass 2015-10-09 2015-10-09
9.0
None Remote Low ??? Complete Complete Complete
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
30 CVE-2015-7765 2015-10-09 2015-10-09
9.0
None Remote Low ??? Complete Complete Complete
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
31 CVE-2015-7761 200 +Info 2015-10-09 2016-12-07
5.0
None Remote Low Not required Partial None None
Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
32 CVE-2015-7760 399 DoS 2015-10-09 2016-12-08
5.0
None Remote Low Not required None None Partial
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761.
33 CVE-2015-7752 399 DoS 2015-10-19 2015-10-20
7.8
None Remote Low Not required None None Complete
The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic.
34 CVE-2015-7751 264 +Priv 2015-10-19 2015-10-20
6.9
None Local Medium Not required Complete Complete Complete
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file.
35 CVE-2015-7750 20 DoS 2015-10-19 2016-12-08
5.0
None Remote Low Not required None None Partial
The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.
36 CVE-2015-7749 20 DoS 2015-10-19 2016-12-08
7.8
None Remote Low Not required None None Complete
The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS."
37 CVE-2015-7748 20 DoS 2015-10-19 2017-10-06
5.0
None Remote Low Not required None None Partial
Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet.
38 CVE-2015-7730 119 DoS Overflow 2015-10-15 2015-10-16
10.0
None Remote Low Not required Complete Complete Complete
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
39 CVE-2015-7729 94 Exec Code 2015-10-15 2015-10-16
6.5
None Remote Low ??? Partial Partial Partial
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892.
40 CVE-2015-7727 89 Exec Code Sql 2015-10-15 2015-10-16
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
41 CVE-2015-7725 89 Exec Code Sql 2015-10-15 2015-10-16
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.
42 CVE-2015-7718 DoS 2015-10-06 2015-10-07
5.0
None Remote Low Not required None None Partial
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.
43 CVE-2015-7717 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
44 CVE-2015-7716 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.
45 CVE-2015-7713 254 Bypass 2015-10-29 2018-11-16
5.0
None Remote Low Not required None Partial None
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
46 CVE-2015-7709 264 Exec Code Bypass 2015-10-05 2015-10-06
10.0
None Remote Low Not required Complete Complete Complete
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
47 CVE-2015-7707 264 2015-10-05 2017-07-01
6.5
None Remote Low ??? Partial Partial Partial
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
48 CVE-2015-7699 20 Exec Code 2015-10-26 2015-10-28
9.0
None Remote Low ??? Complete Complete Complete
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
49 CVE-2015-7698 78 Exec Code 2015-10-21 2015-10-22
9.0
None Remote Low ??? Complete Complete Complete
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
50 CVE-2015-7686 20 DoS 2015-10-06 2017-07-04
7.8
None Remote Low Not required None None Complete
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.
Total number of vulnerabilities: 507 (page 1 of 11)