Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4531 1 Emc 1 Documentum Content Server 2026-06-17 9.0 HIGH N/A
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622.
CVE-2015-4523 1 Symantec 2 Malware Analysis Appliance, Malware Analyzer G2 2026-06-17 9.0 HIGH 9.3 CRITICAL
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
CVE-2015-4505 2 Microsoft, Mozilla 2 Windows, Firefox 2026-06-17 6.6 MEDIUM N/A
updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.
CVE-2015-4483 3 Mozilla, Opensuse, Oracle 3 Firefox, Opensuse, Solaris 2026-06-17 4.3 MEDIUM N/A
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.
CVE-2015-4394 1 Services Project 1 Services 2026-06-17 5.0 MEDIUM N/A
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.
CVE-2015-4389 1 Open Graph Importer Project 1 Open Graph Importer 2026-06-17 4.0 MEDIUM N/A
The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import og_tag_importer" permission.
CVE-2015-4351 1 Web-dorado 1 Web-dorado Spider Video Player 2026-06-17 4.9 MEDIUM N/A
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
CVE-2015-4344 1 Services Basic Authentication Project 1 Services Basic Authentication 2026-06-17 5.0 MEDIUM N/A
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.
CVE-2015-4331 1 Cisco 1 Prime Infrastructure 2026-06-17 3.5 LOW N/A
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958.
CVE-2015-4325 1 Cisco 1 Telepresence Video Communication Server Software 2026-06-17 6.9 MEDIUM N/A
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.
CVE-2015-4322 1 Cisco 1 Content Security Management Appliance 2026-06-17 5.5 MEDIUM N/A
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
CVE-2015-4307 1 Cisco 1 Prime Collaboration Provisioning 2026-06-17 9.0 HIGH N/A
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.
CVE-2015-4306 1 Cisco 1 Prime Collaboration Assurance 2026-06-17 8.5 HIGH N/A
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.
CVE-2015-4305 1 Cisco 1 Prime Collaboration Assurance 2026-06-17 4.0 MEDIUM N/A
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656.
CVE-2015-4304 1 Cisco 1 Prime Collaboration Assurance 2026-06-17 9.0 HIGH N/A
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.
CVE-2015-4303 1 Cisco 1 Telepresence Video Communication Server Software 2026-06-17 6.5 MEDIUM N/A
Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333.
CVE-2015-4287 1 Cisco 1 Firepower Extensible Operating System 2026-06-17 5.0 MEDIUM N/A
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.
CVE-2015-4282 1 Cisco 1 Mobility Services Engine 2026-06-17 6.9 MEDIUM N/A
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
CVE-2015-4237 1 Cisco 38 Mds 9100, Mds 9140, Mds 9500 and 35 more 2026-06-17 4.6 MEDIUM N/A
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
CVE-2015-4235 1 Cisco 2 Application Policy Infrastructure Controller \(apic\), Nx-os 2026-06-17 9.0 HIGH N/A
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.