Skip to main content
CVE-2015-4119 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP SQLi Ispconfig
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
4.6%
CVE-2015-3209 HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE Qemu Junos Space +16
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2015-4118 MEDIUM POC This Month

SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ispconfig
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.9%
CVE-2015-4362 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Tracking Code
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-4360 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Registration Codes
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-4379 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF File Upload Webform Multiple File Upload
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-4364 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Campaign Monitor
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-4391 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Civicrm Private Report
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-4390 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF User Import
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-4382 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Invoice
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-4361 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Registration Codes
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4383 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Decisions
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4355 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Watchdog Aggregator
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4350 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Spider Catalog
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4397 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Node Template
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4152 MEDIUM This Month

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Elastic Logstash
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2015-4393 MEDIUM PATCH This Month

The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

RCE Services
NVD
CVSS 2.0
6.0
EPSS
1.3%
CVE-2015-4348 MEDIUM This Month

SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

SQLi Spider Contacts
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2015-4371 MEDIUM PATCH This Month

Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Perfecto
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-4363 MEDIUM This Month

Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Finder
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2015-4353 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Custom Sitemap
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-4352 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Web Dorado Spider Video Player
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-4349 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Spider Contacts
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-4142 MEDIUM This Month

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 2.0
4.3
EPSS
7.1%
CVE-2015-4344 MEDIUM PATCH This Month

The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Services Basic Authentication
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2015-4146 MEDIUM This Month

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wpa Supplicant Hostapd Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2015-4145 MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hostapd Opensuse Wpa Supplicant
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-4144 MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Opensuse Hostapd Wpa Supplicant
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-4143 MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Hostapd Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-4396 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

CSRF Keyword Research
NVD
CVSS 2.0
5.1
EPSS
0.1%
CVE-2015-4345 MEDIUM PATCH This Month

The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Restful Web Services
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-4368 MEDIUM PATCH This Month

The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to complete the checkout for an order without paying via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Commerce Ogone
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-4394 MEDIUM PATCH This Month

The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Services
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-4351 MEDIUM This Month

The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Web Dorado Spider Video Player
NVD
CVSS 2.0
4.9
EPSS
0.6%
CVE-2015-4163 MEDIUM This Month

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4164 MEDIUM This Month

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4141 MEDIUM This Month

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Hostapd Opensuse
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2015-4375 MEDIUM PATCH This Month

The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ctools
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4347 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Inlinks
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4386 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Entitybulkdelete
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4559 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Intel Java Epolicy Orchestrator
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4093 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Elastic Kibana
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-4389 MEDIUM This Month

The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Open Graph Importer
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-4359 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Registration Codes
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-4357 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Webform
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-4381 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices". Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Invoice
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4376 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Profile2 Privacy
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4369 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question". Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Trick Question
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4367 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks". Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Simple Subscription
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4392 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Display Suite
NVD
CVSS 2.0
3.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy