CVE-2015-5501

HIGH Year: 2015
CVSS v2 Score
7.5
High
Weakness Type
CWE-254
View all →

Vulnerability Description

The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.

Related Vulnerabilities

CVE-2016-5788

CRITICAL
CVSS:10.0(Critical)

General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via ...

CWE-2542016

CVE-2011-3145

CRITICAL
CVSS:9.8(Critical)

When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of th...

CWE-2542011

CVE-2011-4889

CRITICAL
CVSS:9.8(Critical)

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does n...

CWE-2542011

CVE-2014-5334

CRITICAL
CVSS:9.8(Critical)

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

CWE-2542014

CVE-2015-6473

CRITICAL
CVSS:9.8(Critical)

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.

CWE-2542015

CVE-2015-7554

CRITICAL
CVSS:9.8(Critical)

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field dat...

CWE-2542015