Export limit exceeded: 366811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4331 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958.
CVE-2015-4334 1 Symantec 1 Proxysg Firmware 2025-04-12 N/A
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
CVE-2015-4335 3 Debian, Redhat, Redislabs 3 Debian Linux, Openstack, Redis 2025-04-12 N/A
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2015-4336 1 Xcloner 1 Xcloner 2025-04-12 N/A
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.
CVE-2015-4337 1 Xcloner 1 Xcloner 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
CVE-2015-4338 1 Xcloner 1 Xcloner 2025-04-12 N/A
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
CVE-2015-4342 2 Cacti, Fedoraproject 2 Cacti, Fedora 2025-04-12 N/A
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
CVE-2015-4344 1 Services Basic Authentication Project 1 Services Basic Authentication 2025-04-12 N/A
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.
CVE-2015-4345 1 Restful Web Services Project 1 Restful Web Services 2025-04-12 N/A
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-4346 1 Sms Framework Project 1 Sms Framework 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.
CVE-2015-4347 1 Inlinks Project 1 Inlinks 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.
CVE-2015-4348 1 Spider Contacts Project 1 Spider Contacts 2025-04-12 N/A
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4349 1 Spider Contacts Project 1 Spider Contacts 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors.
CVE-2015-4350 1 Web-dorado 1 Spider Catalog 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.
CVE-2015-4351 1 Web-dorado 1 Web-dorado Spider Video Player 2025-04-12 N/A
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
CVE-2015-4352 1 Web-dorado 1 Web-dorado Spider Video Player 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.
CVE-2015-4353 1 Osscube 1 Custom Sitemap 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors.
CVE-2015-4354 1 Ubercart Webform Integration Project 1 Ubercart Webform Integration 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4355 1 Watchdog Aggregator Project 1 Watchdog Aggregator 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors.
CVE-2015-4356 1 Webform Project 1 Webform 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.