Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3939 | 1 Ids | 3 Ids Rtu 850c, Nc854, Nc856 | 2016-12-06 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file. | |||||
| CVE-2015-3942 | 1 Garrettcom | 2 Magnum 10k Firmware, Magnum 6k Firmware | 2016-12-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3949 | 1 Sinapsi | 2 Esolar Light, Esolar Light Firmware | 2016-12-06 | 2.1 LOW | N/A |
| Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page. | |||||
| CVE-2015-3950 | 1 Xzeres | 2 442sr, 442sr Os | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request. | |||||
| CVE-2015-3955 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2016-12-06 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-3957 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2016-12-06 | 4.6 MEDIUM | N/A |
| Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. | |||||
| CVE-2015-3958 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2016-12-06 | 7.8 HIGH | N/A |
| Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. | |||||
| CVE-2015-3959 | 1 Garrettcom | 2 Magnum 10k Firmware, Magnum 6k Firmware | 2016-12-06 | 7.2 HIGH | N/A |
| The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password. | |||||
| CVE-2015-3960 | 1 Garrettcom | 2 Magnum 10k Firmware, Magnum 6k Firmware | 2016-12-06 | 4.3 MEDIUM | N/A |
| The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation. | |||||
| CVE-2015-3961 | 1 Garrettcom | 2 Magnum 10k Firmware, Magnum 6k Firmware | 2016-12-06 | 3.5 LOW | N/A |
| The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. | |||||
| CVE-2015-3982 | 1 Djangoproject | 1 Django | 2016-12-06 | 5.0 MEDIUM | N/A |
| The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key. | |||||
| CVE-2015-3989 | 1 Concrete5 | 1 Concrete5 | 2016-12-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors. | |||||
| CVE-2015-3993 | 1 Actian | 1 Matrix | 2016-12-06 | 6.5 MEDIUM | N/A |
| Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | |||||
| CVE-2015-4032 | 1 Visual Mining | 1 Netcharts Server | 2016-12-06 | 10.0 HIGH | N/A |
| projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. | |||||
| CVE-2015-4034 | 1 Samsung | 1 Galaxy S5 | 2016-12-06 | 7.9 HIGH | N/A |
| The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. | |||||
| CVE-2015-3343 | 1 Opac Project | 1 Opac | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors. | |||||
| CVE-2015-3344 | 1 Dlc Solutions | 1 Course | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3346 | 1 Wikiwiki Project | 1 Wikiwiki | 2016-12-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3347 | 1 Cloudwords | 1 Cloudwords For Multilingual | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback. | |||||
| CVE-2015-3348 | 1 Cloudwords | 1 Cloudwords For Multilingual | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3349 | 1 Htaccess Project | 1 Htaccess | 2016-12-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors. | |||||
| CVE-2015-3350 | 1 Todo Filter Project | 1 Todo Filter | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors. | |||||
| CVE-2015-3351 | 1 Log Watcher Project | 1 Log Watcher | 2016-12-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors. | |||||
| CVE-2015-3352 | 1 Jammer Project | 1 Jammer | 2016-12-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to "report administration." | |||||
| CVE-2015-3353 | 1 Field Display Label Project | 1 Field Display Label | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings. | |||||
| CVE-2015-3354 | 1 Wishlist Project | 1 Wishlist | 2016-12-06 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors. | |||||
| CVE-2015-3355 | 1 Batch Jobs Project | 1 Batch Jobs | 2016-12-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that (1) delete a batch job record or (2) execute a task via unspecified vectors. | |||||
| CVE-2015-3356 | 1 Tadaa\! Project | 1 Tadaa\! | 2016-12-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors. | |||||
| CVE-2015-3358 | 1 Tadaa\! Project | 1 Tadaa\! | 2016-12-06 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that (1) enable and disable modules or (2) change variables. | |||||
| CVE-2015-3359 | 1 Room Reservations Project | 1 Room Reservations | 2016-12-06 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" or (2) body of a "Room Reservations Room" node. | |||||
| CVE-2015-3360 | 1 Term Merge Project | 1 Term Merge | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3362 | 1 Video Project | 1 Video | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3363 | 1 Joshics | 1 Contact Form Fields | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors. | |||||
| CVE-2015-3364 | 1 Levelteninteractive | 1 Content Analysis | 2016-12-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. | |||||
| CVE-2015-3365 | 1 Nodeauthor Project | 1 Nodeauthor | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block. | |||||
| CVE-2015-3366 | 1 Alfresco | 1 Alfresco | 2016-12-06 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors. | |||||
| CVE-2015-3367 | 1 Patterns | 1 Patterns | 2016-12-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors. | |||||
| CVE-2015-3368 | 1 Osinet | 1 Classified Ads | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a category name. | |||||
| CVE-2015-3369 | 1 Taxonews Project | 1 Taxonews | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block. | |||||
| CVE-2015-3370 | 1 Node Invite Project | 1 Node Invite | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors. | |||||
| CVE-2015-3371 | 1 Node Invite Project | 1 Node Invite | 2016-12-06 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. | |||||
| CVE-2015-3372 | 1 Node Invite Project | 1 Node Invite | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3373 | 1 Amazon Aws Project | 1 Amazon Aws | 2016-12-06 | 5.0 MEDIUM | N/A |
| The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL. | |||||
| CVE-2015-3374 | 1 Corner Project | 1 Corner | 2016-12-06 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors. | |||||
| CVE-2015-3375 | 1 Niif | 1 Shibboleth Authentication | 2016-12-06 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors. | |||||
| CVE-2015-3376 | 1 Quizzler Project | 1 Quizzler | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3380 | 1 Funnymonkey | 1 Feature Set | 2016-12-06 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors. | |||||
| CVE-2015-3381 | 1 Insite | 1 Node Basket | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3382 | 1 Insite | 1 Node Basket | 2016-12-06 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors. | |||||
| CVE-2015-3383 | 1 Insite | 1 Node Basket | 2016-12-06 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||