Skip to main content
CVE-2015-1701 HIGH POC KEV PATCH THREAT Act Now

Win32k.sys in Windows Server 2003, Vista, and Server 2008 allows local privilege escalation through a kernel-mode vulnerability, exploited in the wild alongside browser zero-days in April 2015 as part of APT attack chains.

Information Disclosure Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
90.2%
Threat
9.3
CVE-2015-2825 HIGH POC PATCH THREAT Act Now

Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

RCE WordPress PHP File Upload Simple Ads Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
35.3%
Threat
4.1
CVE-2015-0135 CRITICAL PATCH Act Now

IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 32.4%.

IBM RCE Denial Of Service Domino
NVD
CVSS 2.0
10.0
EPSS
32.4%
CVE-2014-5370 HIGH POC THREAT Act Now

Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.

Path Traversal Bluedragon
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
11.5%
CVE-2014-5361 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Landesk Management Suite
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-0702 CRITICAL Act Now

Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE File Upload Unified Meetingplace
NVD
CVSS 2.0
9.0
EPSS
1.3%
CVE-2014-8125 HIGH PATCH This Week

XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

XXE Drools Jbpm
NVD GitHub
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-3346 HIGH PATCH This Week

SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wikiwiki
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-3355 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Batch Jobs
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3352 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Jammer
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3350 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Todo Filter
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3370 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Node Invite
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3367 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Patterns
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3363 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Contact Form Fields
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3356 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Tadaa
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3351 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Log Watcher
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3349 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Htaccess
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3347 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Cloudwords For Multilingual
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3343 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Opac
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3345 MEDIUM PATCH This Month

SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Phplist Integration
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-3393 MEDIUM PATCH This Month

Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Wedeal
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3371 MEDIUM PATCH This Month

Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Node Invite
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3358 MEDIUM PATCH This Month

Multiple open redirect vulnerabilities in the Tadaa!. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Tadaa
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3342 MEDIUM PATCH This Month

Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Ubercart Currency Conversion
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3383 MEDIUM PATCH This Month

Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Node Basket
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3375 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Shibboleth Authentication
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-3354 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Wishlist
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-3366 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Alfresco
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3388 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Commerce Balanced Payments
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3382 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Node Basket
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3380 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Feature Set
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3374 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Corner
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-8111 MEDIUM This Month

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Apache Tomcat Connectors
NVD
CVSS 2.0
5.0
EPSS
3.7%
CVE-2015-3373 MEDIUM PATCH This Month

The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Amazon Aws
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3391 MEDIUM PATCH This Month

The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Path Breadcrumbs
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3378 MEDIUM PATCH This Month

Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Open Redirect Views
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2014-9718 MEDIUM This Month

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Qemu
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2015-2041 MEDIUM This Month

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Suse Linux Enterprise Server Linux Kernel Debian Linux
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2042 MEDIUM This Month

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3364 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Content Analysis
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0703 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Meetingplace
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3379 MEDIUM PATCH This Month

The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Views
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-3392 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Ajax Timeline
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3369 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Taxonews
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3368 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Classified Ads
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3344 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Course
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3386 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Node Access Product
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3384 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Commerce Balanced Payments
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3381 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Node Basket
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3365 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Nodeauthor
NVD
CVSS 2.0
3.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy