# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 | CVE-2015-4358 | 79 | | XSS | 2015-06-15 | 2015-06-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
102 | CVE-2015-4357 | 79 | | XSS | 2015-06-15 | 2015-06-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.
103 | CVE-2015-4356 | 79 | | XSS | 2015-06-15 | 2015-06-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.
104 | CVE-2015-4355 | 352 | | CSRF | 2015-06-15 | 2016-06-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors.
105 | CVE-2015-4354 | 79 | | XSS | 2015-06-15 | 2015-06-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
106 | CVE-2015-4353 | 352 | | CSRF | 2015-06-15 | 2016-06-09 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial
Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors.
107 | CVE-2015-4352 | 352 | | CSRF | 2015-06-15 | 2016-06-09 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.
108 | CVE-2015-4351 | 264 | | | 2015-06-15 | 2016-06-09 | 4.9 | None | Remote | Medium | ??? | None | Partial | Partial
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
109 | CVE-2015-4350 | 352 | | CSRF | 2015-06-15 | 2016-06-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.
110 | CVE-2015-4349 | 352 | | CSRF | 2015-06-15 | 2015-06-30 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial
Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors.
111 | CVE-2015-4348 | 89 | | Exec Code Sql | 2015-06-15 | 2015-06-30 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.
112 | CVE-2015-4347 | 79 | | XSS | 2015-06-15 | 2015-06-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.
113 | CVE-2015-4346 | 79 | | XSS | 2015-06-15 | 2015-06-30 | 2.6 | None | Remote | High | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.
114 | CVE-2015-4345 | 200 | | +Info | 2015-06-15 | 2016-06-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
115 | CVE-2015-4344 | 264 | | Bypass | 2015-06-15 | 2016-06-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.
116 | CVE-2015-4342 | 89 | | Exec Code Sql | 2015-06-17 | 2017-11-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
117 | CVE-2015-4338 | 94 | | | 2015-06-17 | 2015-06-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
118 | CVE-2015-4337 | 79 | | XSS | 2015-06-17 | 2015-06-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
119 | CVE-2015-4336 | 77 | | Exec Code | 2015-06-17 | 2015-06-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.
120 | CVE-2015-4335 | 17 | | Exec Code | 2015-06-09 | 2018-08-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
121 | CVE-2015-4229 | 200 | | +Info | 2015-06-30 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
122 | CVE-2015-4227 | 399 | | DoS | 2015-06-30 | 2016-12-28 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91838.
123 | CVE-2015-4226 | 399 | | DoS | 2015-06-30 | 2017-01-04 | 7.1 | None | Remote | Medium | Not required | None | None | Complete
The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.
124 | CVE-2015-4225 | 264 | | +Info | 2015-06-27 | 2016-12-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485.
125 | CVE-2015-4224 | 78 | | Exec Code | 2015-06-26 | 2016-12-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.
126 | CVE-2015-4223 | 399 | | DoS | 2015-06-25 | 2016-12-28 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.
127 | CVE-2015-4222 | 89 | | Exec Code Sql | 2015-06-26 | 2016-12-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.
128 | CVE-2015-4221 | 264 | | Exec Code | 2015-06-26 | 2016-12-28 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.
129 | CVE-2015-4220 | 79 | | XSS | 2015-06-25 | 2016-12-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
130 | CVE-2015-4219 | 264 | | +Info | 2015-06-24 | 2016-12-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
131 | CVE-2015-4218 | 200 | | +Info | 2015-06-24 | 2016-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.
132 | CVE-2015-4217 | 310 | | | 2015-06-26 | 2016-12-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.
133 | CVE-2015-4216 | 200 | | Bypass +Info | 2015-06-26 | 2016-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
134 | CVE-2015-4215 | 399 | | DoS | 2015-06-24 | 2021-04-16 | 6.1 | None | Local Network | Low | Not required | None | None | Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046.
135 | CVE-2015-4214 | 200 | | +Info | 2015-06-24 | 2016-12-28 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050.
136 | CVE-2015-4213 | 200 | | +Info | 2015-06-24 | 2016-12-28 | 4.0 | None | Remote | Low | ??? | Partial | None | None
Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.
137 | CVE-2015-4212 | 200 | | +Info | 2015-06-24 | 2016-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.
138 | CVE-2015-4211 | 264 | | +Priv | 2015-06-24 | 2016-12-29 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.
139 | CVE-2015-4210 | 79 | | XSS | 2015-06-23 | 2016-12-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.
140 | CVE-2015-4209 | 200 | | +Info | 2015-06-23 | 2016-12-28 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.
141 | CVE-2015-4208 | 200 | | Sql +Info | 2015-06-24 | 2016-12-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
142 | CVE-2015-4207 | 200 | | Bypass +Info | 2015-06-23 | 2016-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.
143 | CVE-2015-4205 | 399 | | DoS | 2015-06-23 | 2016-12-29 | 5.7 | None | Local Network | Medium | Not required | None | None | Complete
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.
144 | CVE-2015-4204 | 399 | | DoS | 2015-06-23 | 2016-12-28 | 6.8 | None | Remote | Low | ??? | None | None | Complete
Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.
145 | CVE-2015-4203 | 362 | | DoS | 2015-06-23 | 2016-12-28 | 5.4 | None | Remote | High | Not required | None | None | Complete
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.
146 | CVE-2015-4202 | 200 | | +Info | 2015-06-20 | 2016-12-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.
147 | CVE-2015-4201 | 20 | | DoS | 2015-06-20 | 2016-12-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058.
148 | CVE-2015-4200 | 399 | | DoS | 2015-06-23 | 2016-12-28 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885.
149 | CVE-2015-4199 | 362 | | DoS | 2015-06-27 | 2016-12-28 | 7.1 | None | Remote | Medium | Not required | None | None | Complete
Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366.
150 | CVE-2015-4198 | 79 | | XSS | 2015-06-20 | 2016-12-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.