Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8398 | 1 Corel | 1 Fastflick | 2018-10-09 | 4.6 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. | |||||
| CVE-2014-8419 | 1 Wibu | 1 Codemeter Runtime | 2018-10-09 | 7.2 HIGH | N/A |
| Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2014-8429 | 1 Xavoc | 1 Xepan Cms | 2018-10-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page. | |||||
| CVE-2014-8487 | 1 Kony | 1 Enterprise Mobile Management | 2018-10-09 | 4.0 MEDIUM | N/A |
| Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm. | |||||
| CVE-2014-8539 | 1 Simple Email Form Project | 1 Simple Email Form | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. | |||||
| CVE-2014-8612 | 1 Freebsd | 1 Freebsd | 2018-10-09 | 4.6 MEDIUM | N/A |
| Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. | |||||
| CVE-2014-8658 | 1 Refinedwiki | 1 Refinedwiki Original Theme | 2018-10-09 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. | |||||
| CVE-2014-8682 | 1 Gogits | 1 Gogs | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. | |||||
| CVE-2014-8683 | 1 Gogits | 1 Gogs | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown. | |||||
| CVE-2014-8724 | 1 W3edge | 1 Total Cache | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. | |||||
| CVE-2014-8732 | 1 Phpmemcachedadmin Project | 1 Phpmemcachedadmin | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8757 | 1 Lg | 1 On-screen Phone | 2018-10-09 | 8.3 HIGH | N/A |
| LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | |||||
| CVE-2014-8769 | 1 Redhat | 1 Tcpdump | 2018-10-09 | 6.4 MEDIUM | N/A |
| tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. | |||||
| CVE-2014-8778 | 1 Checkmarx | 1 Cxsast | 2018-10-09 | 9.0 HIGH | N/A |
| Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission. | |||||
| CVE-2014-8779 | 1 Pexip | 1 Pexip Infinity | 2018-10-09 | 7.1 HIGH | N/A |
| Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys. | |||||
| CVE-2014-8791 | 1 Enalean | 1 Tuleap | 2018-10-09 | 6.0 MEDIUM | N/A |
| project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. | |||||
| CVE-2014-8793 | 1 Revive-adserver | 1 Revive Adserver | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php. | |||||
| CVE-2014-8868 | 1 Entrypass | 1 N5200 Active Network Control Panel | 2018-10-09 | 7.8 HIGH | N/A |
| EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4. | |||||
| CVE-2014-8869 | 1 Tapatalk | 1 Tapatalk | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter. | |||||
| CVE-2014-8870 | 1 Tapatalk | 1 Tapatalk | 2018-10-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter. | |||||
| CVE-2014-8874 | 1 Kennziffer | 1 Ke Questionnaire | 2018-10-09 | 5.0 MEDIUM | N/A |
| The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2014-8875 | 1 Revive-adserver | 1 Revive Adserver | 2018-10-09 | 5.0 MEDIUM | N/A |
| The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2014-8877 | 1 Creative Minds | 1 Cm Download Manager | 2018-10-09 | 10.0 HIGH | N/A |
| The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | |||||
| CVE-2014-8962 | 1 Flac | 1 Libflac | 2018-10-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||||
| CVE-2014-8993 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. | |||||
| CVE-2014-9019 | 1 Zte | 1 Zxdsl | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. | |||||
| CVE-2014-9020 | 1 Zte | 2 Zxdsl 831, Zxdsl 831cii | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. | |||||
| CVE-2014-9021 | 1 Zteusa | 1 Zxdsl 831 | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. | |||||
| CVE-2014-9028 | 1 Flac | 1 Libflac | 2018-10-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||||
| CVE-2014-9029 | 1 Jasper Project | 1 Jasper | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-9104 | 1 Openvpn | 1 Openvpn Access Server | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests. | |||||
| CVE-2014-9129 | 1 Creative Minds | 1 Cm Download Manager | 2018-10-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. | |||||
| CVE-2014-9140 | 1 Redhat | 1 Tcpdump | 2018-10-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. | |||||
| CVE-2014-9142 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | |||||
| CVE-2014-9143 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | |||||
| CVE-2014-9144 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 7.5 HIGH | N/A |
| Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||||
| CVE-2014-9178 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function. | |||||
| CVE-2014-7216 | 1 Yahoo | 1 Messenger | 2018-10-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file. | |||||
| CVE-2014-7807 | 1 Apache | 1 Cloudstack | 2018-10-09 | 5.0 MEDIUM | N/A |
| Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | |||||
| CVE-2014-7809 | 1 Apache | 1 Struts | 2018-10-09 | 6.8 MEDIUM | N/A |
| Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism. | |||||
| CVE-2014-7864 | 1 Zohocorp | 1 Manageengine Opmanager | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | |||||
| CVE-2014-7871 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. | |||||
| CVE-2014-7956 | 1 Podsfoundation | 1 Pods | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php. | |||||
| CVE-2014-7957 | 1 Pods Foundation | 1 Pods | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable "roles and capabilities" in a toggle action in the pods-components page to wp-admin/admin.php. | |||||
| CVE-2014-7985 | 1 Espocrm | 1 Espocrm | 2018-10-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php. | |||||
| CVE-2014-7986 | 1 Espocrm | 1 Espocrm | 2018-10-09 | 5.0 MEDIUM | N/A |
| install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. | |||||
| CVE-2014-7987 | 1 Espocrm | 1 Espocrm | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. | |||||
| CVE-2014-8081 | 1 Testlink | 1 Testlink | 2018-10-09 | 7.5 HIGH | N/A |
| lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | |||||
| CVE-2014-8082 | 1 Testlink | 1 Testlink | 2018-10-09 | 5.0 MEDIUM | N/A |
| lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. | |||||
| CVE-2014-8083 | 1 Osclass | 1 Osclass | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. | |||||