The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-1559 | Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the delete_module parameter, (2) deactivate modules via the deactivate_module parameter, (3) activate modules via the activate_module parameter, (4) delete users via the delete_user parameter, (5) deactivate users via the deactivate_user parameter, (6) activate users via the activate_user parameter, (7) activate themes via the set_theme parameter, (8) deactivate themes via the set_theme parameter, (9) delete themes via the delete parameter, (10) deactivate events (user registration or email activation) via the deactivate_notification parameter, (11) activate events via the activate_notification parameter, (12) delete events via the delete_notification parameter, (13) deactivate language settings via the deactivate_language parameter, (14) activate language settings via the activate_language parameter, (15) delete language settings via the delete_language parameter, or (16) activate or deactivate the autologin feature for a user via a crafted maintenance request. | Medium | Feb 11, 2015 |
| CVE-2015-1558 | Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs. | Low | Feb 9, 2015 |
| CVE-2015-1555 | Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. | MEDIUM | Aug 7, 2017 |
| CVE-2015-1554 | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). | Medium | Sep 5, 2017 |
| CVE-2015-1551 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. | Medium | May 29, 2015 |
| CVE-2015-1550 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. | High | May 29, 2015 |
| CVE-2015-1548 | mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. | Medium | Feb 11, 2015 |
| CVE-2015-1547 | The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. | Medium | Apr 19, 2016 |
| CVE-2015-1546 | Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.<a href=http://cwe.mitre.org/data/definitions/415.html>CWE - CWE-415: Double Free</a> | Medium | Feb 23, 2015 |
| CVE-2015-1545 | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.<a href=http://cwe.mitre.org/data/definitions/476.html>CWE-476: NULL Pointer Dereference</a> | Medium | Feb 20, 2015 |
| CVE-2015-1541 | The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. | Medium | Oct 1, 2015 |
| CVE-2015-1539 | Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. | High | Oct 1, 2015 |
| CVE-2015-1538 | Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. | High | Oct 1, 2015 |
| CVE-2015-1537 | Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | High | Oct 6, 2017 |
| CVE-2015-1536 | Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945. | High | Oct 1, 2015 |
| CVE-2015-1530 | media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. | MEDIUM | Jan 28, 2020 |
| CVE-2015-1529 | Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors. | MEDIUM | May 23, 2017 |
| CVE-2015-1528 | Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482. | High | Oct 1, 2015 |
| CVE-2015-1527 | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | Medium | Sep 21, 2017 |
| CVE-2015-1526 | The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | High | Oct 6, 2017 |
| CVE-2015-1525 | audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | MEDIUM | Jan 28, 2020 |
| CVE-2015-1522 | analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet. | MEDIUM | Apr 24, 2017 |
| CVE-2015-1521 | analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet. | MEDIUM | Apr 24, 2017 |
| CVE-2015-1518 | SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | High | Feb 12, 2015 |
| CVE-2015-1517 | SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a Refresh photo set action in the batch_manager page to admin.php. | Medium | Feb 23, 2015 |
| CVE-2015-1516 | Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Low | Sep 4, 2015 |
| CVE-2015-1515 | The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | High | Feb 20, 2015 |
| CVE-2015-1514 | Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php. | High | Feb 9, 2015 |
| CVE-2015-1513 | SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | High | Feb 9, 2015 |
| CVE-2015-1512 | Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php. | Medium | Feb 9, 2015 |
| CVE-2015-1503 | Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. | HIGH | May 8, 2018 |
| CVE-2015-1501 | The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary. | Medium | Feb 17, 2015 |
| CVE-2015-1500 | Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. | Medium | Feb 17, 2015 |
| CVE-2015-1499 | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | High | Feb 20, 2015 |
| CVE-2015-1498 | Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via a addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or other unspecified impact. | High | Feb 17, 2015 |
| CVE-2015-1497 | radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | High | Feb 17, 2015 |
| CVE-2015-1496 | Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | High | Feb 17, 2015 |
| CVE-2015-1495 | Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | Medium | Feb 17, 2015 |
| CVE-2015-1494 | The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the mfbfw parameter in an update action to wp-admin/admin-post.php, as exploited in the wild in February 2015. | Medium | Feb 18, 2015 |
| CVE-2015-1493 | Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. | Medium | Jun 2, 2015 |
| CVE-2015-1492 | Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | HIGH | Jul 31, 2015 |
| CVE-2015-1491 | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | MEDIUM | Jul 31, 2015 |
| CVE-2015-1490 | Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | MEDIUM | Jul 31, 2015 |
| CVE-2015-1489 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | HIGH | Jul 31, 2015 |
| CVE-2015-1488 | An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | MEDIUM | Jul 31, 2015 |
| CVE-2015-1487 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | MEDIUM | Jul 31, 2015 |
| CVE-2015-1486 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | HIGH | Jul 31, 2015 |
| CVE-2015-1485 | Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. | Medium | Jun 29, 2015 |
| CVE-2015-1484 | Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.<a href=http://cwe.mitre.org/data/definitions/426.html>CWE-426: Untrusted Search Path</a> | Medium | Apr 23, 2015 |
| CVE-2015-1483 | Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | High | Mar 12, 2015 |
