Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3993 | 1 Actian | 1 Matrix | 2016-12-05 | 6.5 MEDIUM | N/A |
| Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | |||||
| CVE-2015-4032 | 1 Visual Mining | 1 Netcharts Server | 2016-12-05 | 10.0 HIGH | N/A |
| projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. | |||||
| CVE-2015-4034 | 1 Samsung | 1 Galaxy S5 | 2016-12-05 | 7.9 HIGH | N/A |
| The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. | |||||
| CVE-2015-3343 | 1 Opac Project | 1 Opac | 2016-12-05 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors. | |||||
| CVE-2015-3344 | 1 Dlc Solutions | 1 Course | 2016-12-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3346 | 1 Wikiwiki Project | 1 Wikiwiki | 2016-12-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3347 | 1 Cloudwords | 1 Cloudwords For Multilingual | 2016-12-05 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback. | |||||
| CVE-2015-3348 | 1 Cloudwords | 1 Cloudwords For Multilingual | 2016-12-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3349 | 1 Htaccess Project | 1 Htaccess | 2016-12-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors. | |||||
| CVE-2015-3350 | 1 Todo Filter Project | 1 Todo Filter | 2016-12-05 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors. | |||||
| CVE-2015-3351 | 1 Log Watcher Project | 1 Log Watcher | 2016-12-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors. | |||||
| CVE-2015-3352 | 1 Jammer Project | 1 Jammer | 2016-12-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to "report administration." | |||||
| CVE-2015-3353 | 1 Field Display Label Project | 1 Field Display Label | 2016-12-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings. | |||||
| CVE-2015-3354 | 1 Wishlist Project | 1 Wishlist | 2016-12-05 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors. | |||||
| CVE-2015-3355 | 1 Batch Jobs Project | 1 Batch Jobs | 2016-12-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that (1) delete a batch job record or (2) execute a task via unspecified vectors. | |||||
| CVE-2015-3356 | 1 Tadaa\! Project | 1 Tadaa\! | 2016-12-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors. | |||||
| CVE-2015-3358 | 1 Tadaa\! Project | 1 Tadaa\! | 2016-12-05 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that (1) enable and disable modules or (2) change variables. | |||||
| CVE-2015-3359 | 1 Room Reservations Project | 1 Room Reservations | 2016-12-05 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" or (2) body of a "Room Reservations Room" node. | |||||
| CVE-2015-3360 | 1 Term Merge Project | 1 Term Merge | 2016-12-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3362 | 1 Video Project | 1 Video | 2016-12-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||