Export limit exceeded: 366859 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366859 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5501 1 Aegirproject 1 Hostmaster 2025-04-12 N/A
The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.
CVE-2015-5502 1 Storage Api Project 1 Storage Api 2025-04-12 N/A
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-5503 1 Chamilo Integration Project 1 Chamilo Integration 2025-04-12 N/A
Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
CVE-2015-5504 1 Novalnet 1 Novalnet Payment Module Ubercart- 2025-04-12 N/A
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5505 1 Codfront Labs 1 Http Strict Transport Security 2025-04-12 N/A
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors.
CVE-2015-5506 1 Apache Solr Real-time Project 1 Apache Solr Real-time 2025-04-12 N/A
The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search.
CVE-2015-5507 1 Inline Entity Form Project 1 Inline Entity Form 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5508 1 The Extensible Catalog Drupal Toolkit Project 1 The Extensible Catalog Drupal Toolkit 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.
CVE-2015-5509 1 Administration Views Project 1 Administration Views 2025-04-12 N/A
The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors.
CVE-2015-5510 1 Content Construction Kit Project 1 Content Construction Kit 2025-04-12 N/A
Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages.
CVE-2015-5511 1 Hybridauth Social Login Project 1 Hybridauth Social Login 2025-04-12 N/A
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login.
CVE-2015-5512 1 Me Aliases Project 1 Me Aliases 2025-04-12 N/A
The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL.
CVE-2015-5513 1 Niif 1 Shibboleth Authentication 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link.
CVE-2015-5514 1 Migrate Project 1 Migrate 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label.
CVE-2015-5515 1 Views Bulk Operations Project 1 Views Bulk Operations 2025-04-12 N/A
The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled.
CVE-2015-5516 1 F5 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 15 more 2025-04-12 N/A
Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets.
CVE-2015-5519 1 Wideimage Project 1 Wideimage 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php.
CVE-2015-5520 1 Orchardproject 1 Orchard 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.
CVE-2015-5521 1 Blackcat-cms 1 Blackcat Cms 2025-04-12 4.8 Medium
Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php.
CVE-2015-5522 4 Apple, Canonical, Debian and 1 more 6 Iphone Os, Mac Os X, Watchos and 3 more 2025-04-12 N/A
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.