Skip to main content
CVE-2014-5361 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Landesk Management Suite
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3355 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Batch Jobs
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3352 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Jammer
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3350 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Todo Filter
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-3370 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Node Invite
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3367 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Patterns
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3363 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Contact Form Fields
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3356 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Tadaa
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3351 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Log Watcher
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3349 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Htaccess
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3347 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Cloudwords For Multilingual
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3343 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Opac
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3345 MEDIUM PATCH This Month

SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Phplist Integration
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-3393 MEDIUM PATCH This Month

Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Wedeal
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3371 MEDIUM PATCH This Month

Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Node Invite
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3358 MEDIUM PATCH This Month

Multiple open redirect vulnerabilities in the Tadaa!. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Tadaa
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3342 MEDIUM PATCH This Month

Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Ubercart Currency Conversion
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3383 MEDIUM PATCH This Month

Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Node Basket
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-3375 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Shibboleth Authentication
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-3354 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Wishlist
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-3366 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Alfresco
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3388 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Commerce Balanced Payments
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3382 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Node Basket
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3380 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Feature Set
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3374 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Corner
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-8111 MEDIUM This Month

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Apache Tomcat Connectors
NVD
CVSS 2.0
5.0
EPSS
3.7%
CVE-2015-3373 MEDIUM PATCH This Month

The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Amazon Aws
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3391 MEDIUM PATCH This Month

The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Path Breadcrumbs
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3378 MEDIUM PATCH This Month

Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Open Redirect Views
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2014-9718 MEDIUM This Month

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Qemu
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2015-2041 MEDIUM This Month

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Suse Linux Enterprise Server Linux Kernel Debian Linux
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2042 MEDIUM This Month

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-3364 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Content Analysis
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0703 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Meetingplace
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3379 MEDIUM PATCH This Month

The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Views
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy