Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5764 |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. Published: September 18, 2015; 6:59:03 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-3801 |
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. Published: September 18, 2015; 6:59:02 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8611 |
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. Published: September 18, 2015; 6:59:00 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-7235 |
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. Published: September 17, 2015; 12:59:14 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-7234 |
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. Published: September 17, 2015; 12:59:13 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-7233 |
Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors. Published: September 17, 2015; 12:59:12 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2015-7232 |
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 17, 2015; 12:59:11 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2015-7231 |
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb." Published: September 17, 2015; 12:59:10 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7230 |
The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node. Published: September 17, 2015; 12:59:09 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-7229 |
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission. Published: September 17, 2015; 12:59:08 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-7228 |
The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors. Published: September 17, 2015; 12:59:07 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7227 |
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. Published: September 17, 2015; 12:59:06 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-7226 |
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler. Published: September 17, 2015; 12:59:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-6672 |
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 17, 2015; 12:59:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5538 |
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI). Published: September 17, 2015; 12:59:02 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-4040 |
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. Published: September 17, 2015; 12:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-1319 |
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. Published: September 17, 2015; 12:59:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-6962 |
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. Published: September 17, 2015; 11:59:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-6973 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. Published: September 16, 2015; 3:59:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-6972 |
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp. Published: September 16, 2015; 3:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |