|
273371
|
- |
|
apple
|
iphone_os
|
Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
|
CWE-22
Path Traversal
|
CVE-2015-7037
|
2024-11-21 11:36 |
2015-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273372
|
- |
|
apple
|
watchos
iphone_os
tvos
mac_os_x
|
AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7001
|
2024-11-21 11:36 |
2015-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273373
|
- |
|
ztree_project
|
ztree
|
Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBig…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7348
|
2024-11-21 11:36 |
2015-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273374
|
- |
|
csl_dualcom
|
gprs_cs2300-r_firmware
|
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command.
|
CWE-254
7PK - Security Features
|
CVE-2015-7288
|
2024-11-21 11:36 |
2015-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273375
|
- |
|
csl_dualcom
|
gprs_cs2300-r_firmware
|
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by lever…
|
CWE-255
Credentials Management
|
CVE-2015-7287
|
2024-11-21 11:36 |
2015-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273376
|
- |
|
csl_dualcom
|
gprs_cs2300-r_firmware
|
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographi…
|
CWE-310
Cryptographic Issues
|
CVE-2015-7286
|
2024-11-21 11:36 |
2015-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273377
|
- |
|
csl_dualcom
|
gprs_cs2300-r_firmware
|
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended …
|
CWE-287
Improper Authentication
|
CVE-2015-7285
|
2024-11-21 11:36 |
2015-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273378
|
- |
|
fedoraproject
gnome
|
fedora
gnome_display_manager
|
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7496
|
2024-11-21 11:36 |
2015-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273379
|
- |
|
apple
|
mac_os_x
iphone_os
|
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via …
|
CWE-20
Improper Input Validation
|
CVE-2015-7036
|
2024-11-21 11:36 |
2015-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273380
|
- |
|
arris
|
na_model_862_gw_mono_firmware
|
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 all…
|
CWE-352
Origin Validation Error
|
CVE-2015-7291
|
2024-11-21 11:36 |
2015-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
