Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3337 1 Elasticsearch 1 Elasticsearch 2025-04-12 N/A
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2015-3340 5 Debian, Fedoraproject, Opensuse and 2 more 9 Debian Linux, Fedora, Opensuse and 6 more 2025-04-12 N/A
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
CVE-2015-3342 1 Ubercart Currency Conversion Project 1 Ubercart Currency Conversion 2025-04-12 N/A
Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter.
CVE-2015-3343 1 Opac Project 1 Opac 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors.
CVE-2015-3344 1 Dlc Solutions 1 Course 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
CVE-2015-3345 1 Phplist Integration Project 1 Phplist Integration 2025-04-12 N/A
SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."
CVE-2015-3346 1 Wikiwiki Project 1 Wikiwiki 2025-04-12 N/A
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-3347 1 Cloudwords 1 Cloudwords For Multilingual 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims via an unknown menu callback.
CVE-2015-3350 1 Todo Filter Project 1 Todo Filter 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors.
CVE-2015-3351 1 Log Watcher Project 1 Log Watcher 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.
CVE-2015-3352 1 Jammer Project 1 Jammer 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to "report administration."
CVE-2015-3353 1 Field Display Label Project 1 Field Display Label 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings.
CVE-2015-3354 1 Wishlist Project 1 Wishlist 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors.
CVE-2015-3355 1 Batch Jobs Project 1 Batch Jobs 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that (1) delete a batch job record or (2) execute a task via unspecified vectors.
CVE-2015-3356 1 Tadaa\! Project 1 Tadaa\! 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors.
CVE-2015-3357 1 Wishlist Project 1 Wishlist 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message.
CVE-2015-3358 1 Tadaa\! Project 1 Tadaa\! 2025-04-12 N/A
Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that (1) enable and disable modules or (2) change variables.
CVE-2015-3359 1 Room Reservations Project 1 Room Reservations 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1) node title of a "Room Reservations Category" or (2) body of a "Room Reservations Room" node.
CVE-2015-3360 1 Term Merge Project 1 Term Merge 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3361 1 Linkit Project 1 Linkit 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.