| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
8951 |
CVE-2015-4371 |
|
|
|
2015-06-15 |
2015-06-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. |
|
8952 |
CVE-2015-4368 |
|
|
|
2015-06-15 |
2016-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to complete the checkout for an order without paying via unspecified vectors. |
|
8953 |
CVE-2015-4363 |
|
|
|
2015-06-15 |
2015-06-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
|
8954 |
CVE-2015-4353 |
352 |
|
CSRF |
2015-06-15 |
2016-06-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors. |
|
8955 |
CVE-2015-4352 |
352 |
|
CSRF |
2015-06-15 |
2016-06-09 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors. |
|
8956 |
CVE-2015-4349 |
352 |
|
CSRF |
2015-06-15 |
2015-06-30 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors. |
|
8957 |
CVE-2015-4345 |
200 |
|
+Info |
2015-06-15 |
2016-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors. |
|
8958 |
CVE-2015-4344 |
264 |
|
Bypass |
2015-06-15 |
2016-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching. |
|
8959 |
CVE-2015-4334 |
200 |
|
+Info |
2015-12-07 |
2015-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. |
|
8960 |
CVE-2015-4322 |
264 |
|
|
2015-08-19 |
2017-09-19 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. |
|
8961 |
CVE-2015-4321 |
20 |
|
Bypass |
2015-08-20 |
2017-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724. |
|
8962 |
CVE-2015-4319 |
255 |
|
|
2015-08-20 |
2017-01-04 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. |
|
8963 |
CVE-2015-4318 |
399 |
|
DoS |
2015-08-20 |
2017-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. |
|
8964 |
CVE-2015-4317 |
399 |
|
DoS |
2015-08-19 |
2017-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. |
|
8965 |
CVE-2015-4316 |
20 |
|
|
2015-08-20 |
2017-09-20 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. |
|
8966 |
CVE-2015-4315 |
20 |
|
DoS |
2015-08-19 |
2017-09-20 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. |
|
8967 |
CVE-2015-4299 |
284 |
|
|
2015-08-19 |
2016-12-28 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. |
|
8968 |
CVE-2015-4297 |
|
|
|
2015-08-19 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136. |
|
8969 |
CVE-2015-4296 |
399 |
|
DoS |
2015-08-19 |
2017-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. |
|
8970 |
CVE-2015-4293 |
399 |
|
DoS |
2015-07-30 |
2015-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. |
|
8971 |
CVE-2015-4287 |
264 |
|
Bypass +Info |
2015-07-28 |
2015-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. |
|
8972 |
CVE-2015-4286 |
20 |
|
|
2015-07-29 |
2015-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. |
|
8973 |
CVE-2015-4285 |
399 |
|
DoS |
2015-07-23 |
2015-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. |
|
8974 |
CVE-2015-4284 |
20 |
|
DoS |
2015-07-22 |
2017-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. |
|
8975 |
CVE-2015-4280 |
399 |
|
DoS |
2015-07-18 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. |
|
8976 |
CVE-2015-4275 |
399 |
|
DoS |
2015-07-16 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header in a GTPv2 packet, aka Bug ID CSCut11534. |
|
8977 |
CVE-2015-4273 |
20 |
|
DoS |
2015-07-15 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. |
|
8978 |
CVE-2015-4240 |
399 |
|
DoS |
2015-07-08 |
2016-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656. |
|
8979 |
CVE-2015-4229 |
200 |
|
+Info |
2015-06-30 |
2017-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. |
|
8980 |
CVE-2015-4228 |
399 |
|
DoS |
2015-07-02 |
2015-07-02 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999. |
|
8981 |
CVE-2015-4223 |
399 |
|
DoS |
2015-06-25 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. |
|
8982 |
CVE-2015-4218 |
200 |
|
+Info |
2015-06-24 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. |
|
8983 |
CVE-2015-4216 |
200 |
|
Bypass +Info |
2015-06-26 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630. |
|
8984 |
CVE-2015-4212 |
200 |
|
+Info |
2015-06-24 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. |
|
8985 |
CVE-2015-4207 |
200 |
|
Bypass +Info |
2015-06-23 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. |
|
8986 |
CVE-2015-4205 |
399 |
|
DoS |
2015-06-23 |
2016-12-29 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. |
|
8987 |
CVE-2015-4203 |
362 |
|
DoS |
2015-06-23 |
2016-12-28 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396. |
|
8988 |
CVE-2015-4202 |
200 |
|
+Info |
2015-06-20 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. |
|
8989 |
CVE-2015-4201 |
20 |
|
DoS |
2015-06-20 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058. |
|
8990 |
CVE-2015-4196 |
255 |
|
|
2015-07-04 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. |
|
8991 |
CVE-2015-4194 |
200 |
|
+Info |
2015-06-18 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. |
|
8992 |
CVE-2015-4191 |
399 |
|
DoS |
2015-06-18 |
2016-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. |
|
8993 |
CVE-2015-4188 |
89 |
|
Exec Code Sql |
2015-06-17 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104. |
|
8994 |
CVE-2015-4184 |
20 |
|
Bypass |
2015-06-13 |
2017-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. |
|
8995 |
CVE-2015-4182 |
264 |
|
Bypass +Info |
2015-06-12 |
2017-01-04 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. |
|
8996 |
CVE-2015-4181 |
22 |
|
Dir. Trav. |
2017-08-25 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. |
|
8997 |
CVE-2015-4180 |
22 |
|
Dir. Trav. |
2017-08-25 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. |
|
8998 |
CVE-2015-4158 |
|
|
DoS |
2015-06-02 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. |
|
8999 |
CVE-2015-4157 |
|
|
DoS |
2015-06-02 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. |
|
9000 |
CVE-2015-4153 |
22 |
|
Dir. Trav. |
2015-06-10 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php. |
