Vulnerabilities > 7PK - Security Features

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2015-08-29 | CVE-2015-4498 | 7PK - Security Features vulnerability in Mozilla Firefox and Firefox ESR | The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. | network, low complexity | mozilla | CWE-254 | 7.5 |
| 2015-08-18 | CVE-2015-5501 | 7PK - Security Features vulnerability in Aegirproject Hostmaster | The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment. | network, low complexity | aegirproject | CWE-254 | 7.5 |
| 2015-08-17 | CVE-2015-5759 | 7PK - Security Features vulnerability in Apple Iphone OS | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | network, low complexity | apple | CWE-254 | 5.0 |
| 2015-08-16 | CVE-2015-3756 | 7PK - Security Features vulnerability in Apple Iphone OS | The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. | local, low complexity | apple | CWE-254 | 2.1 |
| 2015-08-16 | CVE-2015-3755 | 7PK - Security Features vulnerability in Apple Iphone OS and Safari | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | network | apple | CWE-254 | 4.3 |
| 2015-08-16 | CVE-2015-3751 | 7PK - Security Features vulnerability in Apple Iphone OS and Safari | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | network, low complexity | apple | CWE-254 | 5.0 |
| 2015-08-16 | CVE-2015-3750 | 7PK - Security Features vulnerability in Apple Iphone OS and Safari | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | network, low complexity | apple | CWE-254 | 6.4 |
| 2015-08-16 | CVE-2015-3729 | 7PK - Security Features vulnerability in Apple Safari | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. | network | apple | CWE-254 | 4.3 |
| 2015-07-20 | CVE-2014-9196 | 7PK - Security Features vulnerability in Eaton Proview | Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | network | eaton | CWE-254 | critical, 9.3 |
| 2015-07-16 | CVE-2015-3449 | 7PK - Security Features vulnerability in SAP Afaria 7.0.6398.0 | The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | local, low complexity | sap | CWE-254 | 7.2 |