| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 151 | CVE-2015-5541 | 119 | | Exec Code Overflow | 2015-08-14 | 2018-01-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5129. |
| 152 | CVE-2015-5540 | | | Exec Code | 2015-08-14 | 2018-01-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. |
| 153 | CVE-2015-5539 | | | Exec Code | 2015-08-14 | 2018-01-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. |
| 154 | CVE-2015-5537 | 312 | | | 2015-08-03 | 2022-02-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. |
| 155 | CVE-2015-5536 | 264 | | Exec Code | 2015-08-13 | 2016-12-24 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request. |
| 156 | CVE-2015-5535 | 79 | | XSS | 2015-08-13 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to wp-admin/options-general.php. |
| 157 | CVE-2015-5531 | 22 | | Dir. Trav. | 2015-08-17 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. |
| 158 | CVE-2015-5523 | 119 | | DoS Overflow | 2015-08-11 | 2016-12-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. |
| 159 | CVE-2015-5522 | 119 | | DoS Overflow | 2015-08-11 | 2016-12-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. |
| 160 | CVE-2015-5515 | 264 | | | 2015-08-18 | 2016-11-28 | 4.9 | None | Remote | Medium | ??? | None | Partial | Partial | The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. |
| 161 | CVE-2015-5514 | 79 | | XSS | 2015-08-18 | 2015-08-20 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. |
| 162 | CVE-2015-5513 | 79 | | XSS | 2015-08-18 | 2015-08-20 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. |
| 163 | CVE-2015-5512 | 284 | | | 2015-08-18 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL. |
| 164 | CVE-2015-5511 | 264 | | Bypass | 2015-08-18 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login. |
| 165 | CVE-2015-5510 | | | | 2015-08-18 | 2015-09-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages. |
| 166 | CVE-2015-5509 | 264 | | Bypass | 2015-08-18 | 2016-11-28 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. |
| 167 | CVE-2015-5508 | 352 | | CSRF | 2015-08-18 | 2016-11-28 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request. |
| 168 | CVE-2015-5507 | 79 | | XSS | 2015-08-18 | 2016-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors. |
| 169 | CVE-2015-5506 | 200 | | +Info | 2015-08-18 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search. |
| 170 | CVE-2015-5505 | 17 | | | 2015-08-18 | 2017-07-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors. |
| 171 | CVE-2015-5504 | 89 | | Exec Code Sql | 2015-08-18 | 2016-12-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 172 | CVE-2015-5503 | | | | 2015-08-18 | 2015-09-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. |
| 173 | CVE-2015-5502 | 284 | | | 2015-08-18 | 2016-11-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors. |
| 174 | CVE-2015-5501 | 254 | | Exec Code | 2015-08-18 | 2016-11-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment. |
| 175 | CVE-2015-5500 | 79 | | XSS | 2015-08-18 | 2015-08-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. |
| 176 | CVE-2015-5499 | 264 | | | 2015-08-18 | 2015-08-20 | 4.0 | None | Remote | Low | ??? | None | Partial | None | The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. |
| 177 | CVE-2015-5498 | 264 | | +Info | 2015-08-18 | 2015-09-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. |
| 178 | CVE-2015-5497 | 79 | | XSS | 2015-08-18 | 2015-08-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. |
| 179 | CVE-2015-5496 | 264 | | | 2015-08-18 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. |
| 180 | CVE-2015-5495 | 79 | | XSS | 2015-08-18 | 2015-08-20 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors. |
| 181 | CVE-2015-5494 | 79 | | XSS | 2015-08-18 | 2019-06-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. |
| 182 | CVE-2015-5493 | 264 | | | 2015-08-18 | 2015-08-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. |
| 183 | CVE-2015-5492 | 79 | | XSS | 2015-08-18 | 2015-08-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 184 | CVE-2015-5491 | 200 | | Bypass +Info | 2015-08-18 | 2015-08-20 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission. |
| 185 | CVE-2015-5490 | 200 | | Bypass +Info | 2015-08-18 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. |
| 186 | CVE-2015-5489 | 79 | | XSS | 2015-08-18 | 2015-08-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form. |
| 187 | CVE-2015-5488 | 79 | | XSS | 2015-08-18 | 2015-08-19 | 2.1 | None | Remote | High | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. |
| 188 | CVE-2015-5487 | 79 | | XSS | 2015-08-18 | 2015-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. |
| 189 | CVE-2015-5485 | 79 | | XSS | 2015-08-18 | 2015-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php. |
| 190 | CVE-2015-5482 | 22 | | Dir. Trav. | 2015-08-18 | 2016-12-22 | 4.0 | None | Remote | Low | ??? | None | None | Partial | Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. |
| 191 | CVE-2015-5481 | 79 | | XSS | 2015-08-18 | 2016-12-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. |
| 192 | CVE-2015-5475 | 79 | | XSS | 2015-08-14 | 2016-12-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages. |
| 193 | CVE-2015-5474 | 77 | | Exec Code | 2015-08-13 | 2015-08-13 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. |
| 194 | CVE-2015-5433 | | | +Info | 2015-08-27 | 2015-08-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| 195 | CVE-2015-5432 | | | +Info | 2015-08-27 | 2015-08-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors. |
| 196 | CVE-2015-5431 | | | +Info | 2015-08-27 | 2015-08-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. |
| 197 | CVE-2015-5430 | 200 | | +Info | 2015-08-27 | 2015-08-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. |
| 198 | CVE-2015-5429 | | | +Info | 2015-08-27 | 2015-08-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428. |
| 199 | CVE-2015-5428 | | | +Info | 2015-08-27 | 2015-08-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429. |
| 200 | CVE-2015-5427 | | | +Info | 2015-08-27 | 2015-08-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429. |