CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1365 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | |||
| CVE-2015-0393 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confide… | |||
| CVE-2015-0514 | medium | — | 6.0 | 12y ago | EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decrypt… | |||
| CVE-2015-0922 | medium | — | 6.0 | 12y ago | McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by … | |||
| CVE-2015-3229 | medium | 5.9 | 5.9 | 9y ago | fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. | |||
| CVE-2015-6358 | medium | 5.9 | 5.9 | 9y ago | Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct ma… | |||
| CVE-2015-7778 | medium | 5.9 | 5.9 | 9y ago | Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | |||
| CVE-2015-1027 | medium | 5.9 | 5.9 | 9y ago | The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response… | |||
| CVE-2015-7256 | medium | 5.9 | 5.9 | 9y ago | ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-… | |||
| CVE-2015-0874 | medium | 5.9 | 5.9 | 9y ago | Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted cer… | |||
| CVE-2015-8251 | medium | 5.9 | 5.9 | 9y ago | OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone… | |||
| CVE-2015-7785 | medium | 5.9 | 5.9 | 9y ago | GANMA! App for iOS does not verify SSL certificates. | |||
| CVE-2015-5666 | medium | 5.9 | 5.9 | 9y ago | ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||
| CVE-2015-7315 | medium | 5.9 | 5.9 | 9y ago | Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registratio… | |||
| CVE-2015-1849 | medium | 5.9 | 5.9 | 9y ago | AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential pas… | |||
| CVE-2015-3420 | medium | 5.9 | 5.9 | 9y ago | The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | |||
| CVE-2015-8316 | medium | 5.9 | 5.9 | 9y ago | Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMC… | |||
| CVE-2015-2943 | medium | 5.9 | 5.9 | 9y ago | Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||
| CVE-2015-0210 | medium | 5.9 | 5.9 | 9y ago | wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||
| CVE-2015-5293 | medium | 5.9 | 5.9 | 9y ago | Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a … | |||
| CVE-2015-2674 | medium | 5.9 | 5.9 | 9y ago | Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | |||
| CVE-2015-7852 | medium | 5.9 | 5.9 | 9y ago | ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | |||
| CVE-2015-3642 | medium | 5.9 | 5.9 | 9y ago | The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.… | |||
| CVE-2015-0904 | medium | 5.9 | 5.9 | 9y ago | The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | |||
| CVE-2015-2255 | medium | 5.9 | 5.9 | 9y ago | Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE … | |||
| CVE-2015-8762 | medium | 5.9 | 5.9 | 9y ago | The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. | |||
| CVE-2015-8985 | medium | 5.9 | 5.9 | 9y ago | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to … | |||
| CVE-2015-8984 | medium | 5.9 | 5.9 | 9y ago | The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which trig… | |||
| CVE-2015-6671 | medium | 5.9 | 5.9 | 9y ago | Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveragi… | |||
| CVE-2015-8158 | medium | 5.9 | 5.9 | 10y ago | The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. | |||
| CVE-2015-7977 | medium | 5.9 | 5.9 | 10y ago | ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||
| CVE-2015-8288 | medium | 5.9 | 5.9 | 10y ago | NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote att… | |||
| CVE-2015-8878 | medium | 5.9 | 5.9 | 10y ago | main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory c… | |||
| CVE-2015-8838 | medium | 5.9 | 5.9 | 10y ago | ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof serve… | |||
| CVE-2015-3152 | medium | 5.9 | 5.9 | 10y ago | Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle atta… | |||
| CVE-2015-8099 | medium | 5.9 | 5.9 | 10y ago | F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 1… | |||
| CVE-2015-6551 | medium | 5.9 | 5.9 | 10y ago | Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server… | |||
| CVE-2015-5370 | medium | 5.9 | 5.9 | 10y ago | Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a… | |||
| CVE-2015-2774 | medium | 5.9 | 5.9 | 10y ago | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle … | |||
| CVE-2015-3197 | medium | 5.9 | 5.9 | 10y ago | ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection… | |||
| CVE-2015-7488 | medium | 5.9 | 5.9 | 11y ago | IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors. | |||
| CVE-2015-7744 | medium | 5.9 | 5.9 | 11y ago | wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimization… | |||
| CVE-2015-8749 | medium | 5.9 | 5.9 | 11y ago | The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message … | |||
| CVE-2015-7575 | medium | 5.9 | 5.9 | 11y ago | Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in T… | |||
| CVE-2015-2913 | medium | 5.9 | 5.9 | 11y ago | OrientDB Server Community Edition uses insufficiently random values to generate session IDs | |||
| CVE-2015-7249 | medium | 4.9 | 5.9 | 11y ago | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support a… | |||
| CVE-2015-8254 | medium | 5.9 | 5.9 | 11y ago | The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2)… | |||
| CVE-2015-8252 | medium | 5.9 | 5.9 | 11y ago | The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and perfo… | |||
| CVE-2015-6409 | medium | 5.9 | 5.9 | 11y ago | Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSC… | |||
| CVE-2015-5619 | medium | 5.9 | 5.9 | 11y ago | Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obt… | |||
| CVE-2015-4425 | medium | — | 5.9 | 11y ago | Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir param… | |||
| CVE-2015-1828 | medium | 5.9 | 5.9 | 11y ago | The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. | |||
| CVE-2015-2145 | medium | 4.8 | 5.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2015-7347 | medium | 4.8 | 5.8 | 9y ago | Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. | |||
| CVE-2015-7282 | medium | 5.8 | 5.8 | 11y ago | ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the de… | |||
| CVE-2015-7794 | medium | 5.8 | 5.8 | 11y ago | Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. | |||
| CVE-2015-7793 | medium | 5.8 | 5.8 | 11y ago | Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. | |||
| CVE-2015-7990 | medium | 5.8 | 5.8 | 11y ago | Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibl… | |||
| CVE-2015-8242 | medium | — | 5.8 | 11y ago | The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read a… | |||
| CVE-2015-7285 | medium | — | 5.8 | 11y ago | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended … | |||
| CVE-2015-6112 | medium | — | 5.8 | 11y ago | SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required ext… | |||
| CVE-2015-5655 | medium | — | 5.8 | 11y ago | The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c… | |||
| CVE-2015-6614 | medium | — | 5.8 | 11y ago | Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial … | |||
| CVE-2015-5210 | medium | — | 5.8 | 11y ago | Apache Ambari Open Redirect | |||
| CVE-2015-7023 | medium | — | 5.8 | 11y ago | CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite coo… | |||
| CVE-2015-4871 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | |||
| CVE-2015-4859 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integ… | |||
| CVE-2015-7823 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th… | |||
| CVE-2015-6463 | medium | — | 5.8 | 11y ago | CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU … | |||
| CVE-2015-6012 | medium | — | 5.8 | 11y ago | Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and co… | |||
| CVE-2015-6548 | medium | — | 5.8 | 11y ago | Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to … | |||
| CVE-2015-6932 | medium | — | 5.8 | 11y ago | VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat… | |||
| CVE-2015-0943 | medium | — | 5.8 | 11y ago | Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user cred… | |||
| CVE-2015-5717 | medium | — | 5.8 | 11y ago | The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2015-2014 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing att… | |||
| CVE-2015-4297 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP reque… | |||
| CVE-2015-5510 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2015-5503 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspe… | |||
| CVE-2015-5770 | medium | — | 5.8 | 11y ago | MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterpri… | |||
| CVE-2015-5176 | medium | — | 5.8 | 11y ago | The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to r… | |||
| CVE-2015-3963 | medium | — | 5.8 | 11y ago | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices be… | |||
| CVE-2015-4529 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7,… | |||
| CVE-2015-0543 | medium | — | 5.8 | 11y ago | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2015-5062 | medium | — | 5.8 | 11y ago | Silverstripe CMS Open Redirect | |||
| CVE-2015-2859 | medium | — | 5.8 | 11y ago | Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows m… | |||
| CVE-2015-3233 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2015-3232 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination… | |||
| CVE-2015-4398 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2015-4371 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified … | |||
| CVE-2015-4363 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecif… | |||
| CVE-2015-4353 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via un… | |||
| CVE-2015-4352 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via… | |||
| CVE-2015-4349 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact catego… | |||
| CVE-2015-2337 | medium | — | 5.8 | 11y ago | TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode… | |||
| CVE-2015-2336 | medium | — | 5.8 | 11y ago | TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mod… | |||
| CVE-2015-2783 | medium | — | 5.8 | 11y ago | ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over… | |||
| CVE-2015-4094 | medium | — | 5.8 | 11y ago | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s… | |||
| CVE-2015-3175 | medium | — | 5.8 | 11y ago | Moodle Arbitrary Redirect | |||
| CVE-2015-4134 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||
| CVE-2015-3922 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the refere… |