CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4886 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integri… | |||
| CVE-2015-4827 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors r… | |||
| CVE-2015-4806 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | |||
| CVE-2015-5662 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. | |||
| CVE-2015-3847 | medium | — | 6.4 | 11y ago | Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | |||
| CVE-2015-4520 | medium | — | 6.4 | 11y ago | Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of… | |||
| CVE-2015-4512 | medium | — | 6.4 | 11y ago | gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface disp… | |||
| CVE-2015-4504 | medium | — | 6.4 | 11y ago | The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and applica… | |||
| CVE-2015-6285 | medium | — | 6.4 | 11y ago | Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifi… | |||
| CVE-2015-2484 | medium | — | 6.4 | 11y ago | Microsoft Internet Explorer 10 and 11 uses an incorrect flag during certain filesystem accesses, which allows remote attackers to delete arbitrary files via unspecified vectors, aka "Tampering Vulner… | |||
| CVE-2015-1291 | medium | — | 6.4 | 11y ago | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote atta… | |||
| CVE-2015-6563 | medium | 6.4 | 6.4 | 11y ago | The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation a… | |||
| CVE-2015-4302 | medium | — | 6.4 | 11y ago | The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. | |||
| CVE-2015-4670 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (d… | |||
| CVE-2015-3750 | medium | — | 6.4 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mech… | |||
| CVE-2015-2323 | medium | — | 6.4 | 11y ago | FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle att… | |||
| CVE-2015-4289 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSC… | |||
| CVE-2015-2653 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affec… | |||
| CVE-2015-2581 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.1 and 5.2 allows remote attackers to affect confidentiality and availability via unknown vectors rel… | |||
| CVE-2015-4271 | medium | — | 6.4 | 11y ago | Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. | |||
| CVE-2015-2970 | medium | — | 6.4 | 11y ago | index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter. | |||
| CVE-2015-5461 | medium | — | 6.4 | 11y ago | Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and … | |||
| CVE-2015-2966 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. | |||
| CVE-2015-4209 | medium | — | 6.4 | 11y ago | Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and… | |||
| CVE-2015-3237 | medium | — | 6.4 | 11y ago | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and cra… | |||
| CVE-2015-4641 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and cons… | |||
| CVE-2015-4152 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references … | |||
| CVE-2015-2958 | medium | — | 6.4 | 11y ago | Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulne… | |||
| CVE-2015-2950 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | |||
| CVE-2015-1921 | medium | — | 6.4 | 11y ago | Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a… | |||
| CVE-2015-3085 | medium | — | 6.4 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3294 | medium | — | 6.4 | 11y ago | The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of se… | |||
| CVE-2015-1100 | medium | — | 6.4 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content i… | |||
| CVE-2015-1473 | medium | — | 6.4 | 11y ago | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca functi… | |||
| CVE-2015-0993 | medium | — | 6.4 | 11y ago | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||
| CVE-2015-2814 | medium | — | 6.4 | 11y ago | SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl,… | |||
| CVE-2015-0811 | medium | — | 6.4 | 11y ago | The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image … | |||
| CVE-2015-2106 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial o… | |||
| CVE-2015-0250 | medium | — | 6.4 | 11y ago | Improper Input Validation in Apache Batik | |||
| CVE-2015-0670 | medium | — | 6.4 | 11y ago | The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or origin… | |||
| CVE-2015-0669 | medium | — | 6.4 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service out… | |||
| CVE-2015-2304 | medium | — | 6.4 | 11y ago | Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. | |||
| CVE-2015-1464 | medium | — | 6.4 | 11y ago | RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | |||
| CVE-2015-0888 | medium | — | 6.4 | 11y ago | KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. | |||
| CVE-2015-0255 | medium | — | 6.4 | 12y ago | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via … | |||
| CVE-2015-0552 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demon… | |||
| CVE-2015-6918 | medium | 6.3 | 6.3 | 9y ago | salt before 2015.5.5 leaks git usernames and passwords to the log. | |||
| CVE-2015-2826 | medium | 5.3 | 6.3 | 9y ago | WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. | |||
| CVE-2015-4071 | medium | 5.3 | 6.3 | 9y ago | The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/… | |||
| CVE-2015-7769 | medium | 6.3 | 6.3 | 10y ago | baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-6864 | medium | 6.3 | 6.3 | 11y ago | HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||
| CVE-2015-5471 | medium | 5.3 | 6.3 | 11y ago | Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file par… | |||
| CVE-2015-6933 | medium | 6.3 | 6.3 | 11y ago | The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 all… | |||
| CVE-2015-8740 | medium | 5.3 | 6.3 | 11y ago | The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers… | |||
| CVE-2015-7791 | medium | 6.3 | 6.3 | 11y ago | Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[colum… | |||
| CVE-2015-6263 | medium | — | 6.3 | 11y ago | The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, … | |||
| CVE-2015-5200 | medium | — | 6.3 | 11y ago | The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors. | |||
| CVE-2015-0771 | medium | — | 6.3 | 11y ago | The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted … | |||
| CVE-2015-0687 | medium | — | 6.3 | 11y ago | The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of servi… | |||
| CVE-2015-0686 | medium | — | 6.3 | 11y ago | The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (dev… | |||
| CVE-2015-7975 | medium | 6.2 | 6.2 | 10y ago | The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). | |||
| CVE-2015-8872 | medium | 6.2 | 6.2 | 10y ago | The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clu… | |||
| CVE-2015-1339 | medium | 6.2 | 6.2 | 10y ago | Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified oth… | |||
| CVE-2015-1776 | medium | 6.2 | 6.2 | 10y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop | |||
| CVE-2015-5969 | medium | 6.2 | 6.2 | 10y ago | The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 … | |||
| CVE-2015-8785 | medium | 6.2 | 6.2 | 11y ago | The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero lengt… | |||
| CVE-2015-8767 | medium | 6.2 | 6.2 | 11y ago | net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a c… | |||
| CVE-2015-8675 | medium | 6.2 | 6.2 | 11y ago | Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password informa… | |||
| CVE-2015-6646 | medium | 6.2 | 6.2 | 11y ago | The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction be… | |||
| CVE-2015-4820 | medium | — | 6.2 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnera… | |||
| CVE-2015-4817 | medium | — | 6.2 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver. | |||
| CVE-2015-3339 | medium | — | 6.2 | 11y ago | Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root… | |||
| CVE-2015-4707 | medium | 6.1 | 6.1 | 4y ago | Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. | |||
| CVE-2015-7668 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_i… | |||
| CVE-2015-7667 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote att… | |||
| CVE-2015-7666 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro … | |||
| CVE-2015-7324 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web sc… | |||
| CVE-2015-6502 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login … | |||
| CVE-2015-5532 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s… | |||
| CVE-2015-6961 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/l… | |||
| CVE-2015-7943 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote atta… | |||
| CVE-2015-7980 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related t… | |||
| CVE-2015-7357 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier… | |||
| CVE-2015-7349 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2015-7391 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date pa… | |||
| CVE-2015-5169 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Apache Struts | |||
| CVE-2015-7316 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. | |||
| CVE-2015-6748 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation in Jsoup | |||
| CVE-2015-5282 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | |||
| CVE-2015-4706 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. | |||
| CVE-2015-3296 | medium | 6.1 | 6.1 | 9y ago | NodeBB Cross-site Scripting Vulnerability in Markdown Processing | |||
| CVE-2015-5608 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | |||
| CVE-2015-3880 | medium | 6.1 | 6.1 | 9y ago | phpBB Open Redirect | |||
| CVE-2015-3432 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS V… | |||
| CVE-2015-3299 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original se… | |||
| CVE-2015-2750 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | |||
| CVE-2015-2749 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination pa… | |||
| CVE-2015-8354 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to… | |||
| CVE-2015-8353 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-obj… | |||
| CVE-2015-8350 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab paramet… |