|
269361
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
|
CWE-399
Resource Management Errors
|
CVE-2015-6925
|
2024-11-21 11:35 |
2016-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269362
|
7.3 |
HIGH
Network
|
php
|
php
|
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary…
|
NVD-CWE-Other
|
CVE-2015-6836
|
2024-11-21 11:35 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269363
|
7.5 |
HIGH
Network
|
php
|
php
|
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a …
|
CWE-22
Path Traversal
|
CVE-2015-6833
|
2024-11-21 11:35 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269364
|
7.3 |
HIGH
Network
|
php
|
php
|
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitra…
|
NVD-CWE-Other
|
CVE-2015-6832
|
2024-11-21 11:35 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269365
|
7.3 |
HIGH
Network
|
php
debian
|
php
debian_linux
|
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObjec…
|
CWE-416
Use After Free
|
CVE-2015-6831
|
2024-11-21 11:35 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269366
|
7.3 |
HIGH
Network
|
php
|
php
|
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplac…
|
NVD-CWE-noinfo
|
CVE-2015-6527
|
2024-11-21 11:35 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269367
|
6.3 |
MEDIUM
Network
|
hp
|
arcsight_logger
|
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
|
CWE-20
Improper Input Validation
|
CVE-2015-6864
|
2024-11-21 11:35 |
2016-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269368
|
7.3 |
HIGH
Network
|
hp
|
arcsight_logger
|
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
|
CWE-20
Improper Input Validation
|
CVE-2015-6863
|
2024-11-21 11:35 |
2016-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269369
|
8.1 |
HIGH
Network
|
advantech
|
webaccess
|
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
|
NVD-CWE-noinfo
|
CVE-2015-6467
|
2024-11-21 11:35 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269370
|
8.4 |
HIGH
Local
|
zarafa
fedoraproject
|
zarafa_collaboration_platform
fedora
|
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
|
CWE-59
Link Following
|
CVE-2015-6566
|
2024-11-21 11:35 |
2016-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
