CVE-2015-2023
Published 2016-01-02
CVE-2015-2023: Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
Priority P347 · high · 8.8 (CVSS 3.0)
AV:L / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:H
EXPLOIT
EPSS: 1.54% (71.7th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gitlab | gitlab | — | — |
| gitlab | gitlab_ce | — | — |
| ibm | i_access | — | — |
| msrc | cbl2_cpio_2.13-5_on_cbl_mariner_2.0 | — | — |
| msrc | skype_for_business_server_2015_cu13 | — | — |
| msrc | skype_for_business_server_2019_cu7 | — | — |
CVSS provenance
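| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| cisa | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.2 | HIGH | — |
| vendor_redhat | — | 1.9 | LOW | — |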
GHSA
GHSA-rch7-85c7-27x6: Buffer overflow in IBM i Access 7
ghsa_unreviewed·2022-05-17
CVE-2015-2023 [HIGH] CWE-119 GHSA-rch7-85c7-27x6: Buffer overflow in IBM i Access 7
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Microsoft
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provide
vendor_msrc·2024-01-09·CVSS 4.9
CVE-2023-7207 [LOW] CWE-22 Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provide
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional
Red Hat
cpio: path traversal vulnerability
vendor_redhat·2024-01-04·CVSS 1.9
CVE-2023-7207 [LOW] CWE-22 cpio: path traversal vulnerability
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
A flaw was found in cpio. The fix for CVE-2015-1197 created other issues, and the patch to fix this issue was reverted, causing a regression when the --no-absolute-filenames command line option is used, resulting in a path traversal vulnerability.
Mitigation: Do not process untrusted archives with the cpio program.
Package: cpio (Red Hat Enterprise Linux 6) - Out of support scope
Package: cpio (Red Hat Enterprise Linux 7) - Out of support scope
Package: cpio (Red Hat Enterprise Linux 8) - Will not fix
Package:
Microsoft
Skype for Business Remote Code Execution Vulnerability
vendor_msrc·2023-10-10·CVSS 7.2
CVE-2023-36786 [HIGH] CWE-36 Skype for Business Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1.
Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role in order to create arbitrary files on the server.
This exploit would allow the attacker to execute arbitrary code on the server.
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker or targeted user to be gran
GitLab
CVE-2023-2015: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7
vendor_gitlab·2023-06-07·CVSS 4.4
CVE-2023-2015 [MEDIUM] CWE-79 CVE-2023-2015: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7
CVE-2023-2015: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims.
CISA
Jenkins User Interface (UI) Information Disclosure Vulnerability
cisa·2023-05-12·CVSS 7.5
CVE-2015-5317 [HIGH] CWE-200 Jenkins User Interface (UI) Information Disclosure Vulnerability
Vulnerability: Jenkins User Interface (UI) Information Disclosure Vulnerability
Affected: Jenkins Jenkins User Interface (UI)
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
Required Action: Apply updates per vendor instructions.
Notes: https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317
Remediation Due Date: 2023-06-02
Suricata
ET EXPLOIT D-Link TRENDnet NCC Service Command Injection Attempt (CVE-2015-1187)
suricata·2023-11-08·CVSS 9.8
CVE-2015-1187 [CRITICAL] ET EXPLOIT D-Link TRENDnet NCC Service Command Injection Attempt (CVE-2015-1187)
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link TRENDnet NCC Service Command Injection Attempt (CVE-2015-1187)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/ping.cpp"; endswith; http.request_body; content:"&ping_addr=|24 28|"; fast_pattern; reference:url,www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits; reference:cve,2015-1187; classtype:attempted-admin; sid:2049118; rev:2; metadata:affected_product D_Link, attack_target Networking_Equipment, created_at 2023_11_08, cve CVE_2015_1187, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_05_22, reviewed_a
Suricata
ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M1
suricata·2015-08-01·CVSS 7.8
CVE-2015-5477 [HIGH] ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M1
Rule: alert udp any any -> any 53 (msg:"ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M1"; content:"|01 00 00 01 00 01|"; depth:6; offset:2; pcre:"/^.{4}[^\x00]+\x00/R"; content:"|00 f9|"; within:2; fast_pattern; pcre:"/^..[^\x00]+\x00/Rs"; content:!"|00 f9|"; within:2; threshold: type limit, track by_src, seconds 60, count 1; reference:cve,2015-5477; classtype:attempted-dos; sid:2021572; rev:3; metadata:created_at 2015_08_01, cve CVE_2015_5477, confidence Medium, signature_severity Major, updated_at 2023_05_24;)
Suricata
ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M3
suricata·2015-08-01·CVSS 7.8
CVE-2015-5477 [HIGH] ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M3
Rule: alert udp any any -> any 53 (msg:"ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M3"; content:"|00 00 00 01 00 01|"; depth:6; offset:2; pcre:"/^.{4}[^\x00]+\x00/R"; content:"|00 f9|"; within:2; fast_pattern; pcre:"/^..[^\x00]+\x00/Rs"; content:!"|00 f9|"; within:2; threshold: type limit, track by_src, seconds 60, count 1; reference:cve,2015-5477; classtype:attempted-dos; sid:2021574; rev:3; metadata:created_at 2015_08_01, cve CVE_2015_5477, confidence Medium, signature_severity Major, updated_at 2023_05_24;)
Suricata
ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M2
suricata·2015-08-01·CVSS 7.8
CVE-2015-5477 [HIGH] ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M2
Rule: alert udp any any -> any 53 (msg:"ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M2"; content:"|01 00 00 01|"; depth:4; offset:2; content:"|00 01|"; distance:4; within:2; pcre:"/^[^\x00]+\x00/R"; content:"|00 f9|"; within:2; fast_pattern; pcre:"/^..[^\x00]+\x00/Rs"; content:!"|00 f9|"; within:2; threshold: type limit, track by_src, seconds 60, count 1; reference:cve,2015-5477; classtype:attempted-dos; sid:2021573; rev:4; metadata:created_at 2015_08_01, cve CVE_2015_5477, confidence Medium, signature_severity Major, updated_at 2023_05_24;)
Exploit-DB
PHPMyAdmin 3.0 - Bruteforce Login Bypass
exploitdb·2025-08-18·CVSS 5.0
CVE-2015-6830 [MEDIUM] PHPMyAdmin 3.0 - Bruteforce Login Bypass
---
"""
Exploit-Title: PHPMyAdmin 3.0 - Bruteforce Login Bypass
Author: Nikola Markovic ([email protected])
Date: 2023
Google-Dork: intext: phpMyAdmin
Vendor: https://www.phpmyadmin.net/
Version: >3.0 & 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1
Tested on: win/linux/unix
Python-Version: 3.0
CVE : CVE-2015-6830
"""
import urllib.request
import urllib.parse
import urllib
import threading
import http.cookiejar
import re
import sys
def CheckLogin(target):
    passwords = ["123"]
    try:
        for password in passwords:
            print("Try Host: "+target+" with Combo: root/"+password+"!\n")
            load_token = urllib.request.Request(target)
            fetch_token = urllib.request.urlopen(load_token,timeout=2).read()
            token = re.findall(r'name="token" value="([\w\.-]+)"',fetch_token.
Exploit-DB
IBM i Access 7.1 - Local Buffer Overflow / Code Execution
exploitdb·2015-11-18·CVSS 8.8
CVE-2015-7422 [HIGH] IBM i Access 7.1 - Local Buffer Overflow / Code Execution
---
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/IBMI-CLIENT-ACCESS-BUFFER-OVERFLOW.txt
Vendor:
www.ibm.com
Product:
IBM i Access for Windows
Release 7.1 of IBM i Access for Windows is affected
Vulnerability Type:
Stack Buffer Overflow
Arbitrary Code Exec
CVE Reference:
CVE-2015-2023
Vulnerability Details:
IBM i Access for Windows is vulnerable to a buffer overflow. A local
attacker could overflow a buffer and execute arbitrary code on the Windows PC.
client Access has ability to receive remote commands via "Cwbrxd.exe"
service
Ref: http://www-01.ibm.com/support/docview.wss?uid=nas8N1019253
"Incoming remote command was designed for r
Nuclei
Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
nuclei·CVSS 5.3
CVE-2023-41763 [MEDIUM] Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability
Template:
id: CVE-2023-41763
info:
  name: Skype for Business 2019 (SfB) - Blind Server-side Request Forgery
  author: hateshape
  severity: medium
  description: |
    Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability
  impact: |
    Unauthenticated attackers can exploit blind SSRF vulnerabilities through the meeturl parameter to make the Skype for Business server probe internal network resources, potentially discovering internal services and infrastructure topology.
  remediation: |
    Apply Microsoft security patches for Skype for Business Server 2015 and 2019 that validate and restrict URL parameters in the LwaClient.aspx endpoint.
  reference:
    - https://frycos.git
Nuclei
Openfire Administration Console - Authentication Bypass
nuclei·CVSS 7.5
CVE-2023-32315 [HIGH] Openfire Administration Console - Authentication Bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.
Template:
id: CVE-2023-32315
info:
  name: Openfire Administration Console - Authentication Bypass
  author: vsh00t
  severity: high
  description: |
    Openfire is an XMPP server l
No writeups or analysis indexed.
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020996
http://www-01.ibm.com/support/docview.wss?uid=swg1SI57907
https://www.exploit-db.com/exploits/38751/