Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2493 | 1 Oracle | 1 Fusion Middleware | 2018-10-09 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, and 12.1.2.0.0 allows remote attackers to affect confidentiality and availability via vectors related to ADF Faces. | |||||
| CVE-2014-2494 | 1 Oracle | 1 Mysql | 2018-10-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. | |||||
| CVE-2014-2495 | 1 Oracle | 1 Peoplesoft Products | 2018-10-09 | 2.3 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Purchasing. | |||||
| CVE-2014-2496 | 1 Oracle | 1 Peoplesoft Products | 2018-10-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Test Framework. | |||||
| CVE-2014-2506 | 1 Emc | 1 Documentum Content Server | 2018-10-09 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | |||||
| CVE-2014-2507 | 1 Emc | 1 Documentum Content Server | 2018-10-09 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods. | |||||
| CVE-2014-2508 | 1 Emc | 1 Documentum Content Server | 2018-10-09 | 7.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints. | |||||
| CVE-2014-2509 | 1 Emc | 1 Smarts Network Configuration Manager | 2018-10-09 | 5.4 MEDIUM | N/A |
| Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. | |||||
| CVE-2014-2512 | 1 Emc | 1 Documentum Eroom | 2018-10-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2531 | 1 Interworx | 1 Web Control Panel | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object. | |||||
| CVE-2014-2540 | 1 Orbitscripts | 1 Orbit Open Ad Server | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. | |||||
| CVE-2014-2570 | 1 Php Font Lib Project | 1 Php Font Lib | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2014-2575 | 1 Devexpress | 1 Aspxfilemanager Control For Webforms And Mvc | 2018-10-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter. | |||||
| CVE-2014-2577 | 1 Bottomline | 1 Transform Foundation Server | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI. | |||||
| CVE-2014-2579 | 1 Xcloner | 1 Xcloner | 2018-10-09 | 7.6 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands. | |||||
| CVE-2014-2654 | 1 Mobfox | 1 Madserve | 2018-10-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/. | |||||
| CVE-2014-2689 | 1 Slashes\&dots | 1 Offria | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. | |||||
| CVE-2014-2715 | 1 Videowhisper | 1 Videowhisper | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php. | |||||
| CVE-2014-2716 | 1 Ekahau | 4 Activator, B4 Staff Badge Tag, B4 Staff Badge Tag Firmware and 1 more | 2018-10-09 | 4.3 MEDIUM | N/A |
| Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. | |||||
| CVE-2014-2729 | 1 Ektron | 1 Ektron Content Management System | 2018-10-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option. | |||||
| CVE-2014-2730 | 1 Microsoft | 1 Office | 2018-10-09 | 5.0 MEDIUM | N/A |
| The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564. | |||||
| CVE-2014-2735 | 1 Winscp | 1 Winscp | 2018-10-09 | 5.8 MEDIUM | N/A |
| WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-2737 | 1 Knowledgetree | 1 Knowledgetree | 2018-10-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function. | |||||
| CVE-2014-2857 | 1 Gopivotal | 2 Grails, Grails-resources | 2018-10-09 | 5.0 MEDIUM | N/A |
| The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5. | |||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-2879 | 1 Sonicwall | 1 Email Security Appliance | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page. | |||||
| CVE-2014-2987 | 1 Egroupware | 1 Egroupware | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988. | |||||
| CVE-2014-2988 | 1 Egroupware | 1 Egroupware | 2018-10-09 | 8.5 HIGH | N/A |
| EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987. | |||||
| CVE-2014-2996 | 1 Xcloner | 1 Xcloner | 2018-10-09 | 7.1 HIGH | N/A |
| XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579. | |||||
| CVE-2014-3006 | 1 Sitepark | 1 Information Enterprise Server | 2018-10-09 | 6.8 MEDIUM | N/A |
| Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. | |||||
| CVE-2014-3100 | 1 Google | 1 Android | 2018-10-09 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. | |||||
| CVE-2014-3111 | 1 Fogproject | 1 Fog | 2018-10-09 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page. | |||||
| CVE-2014-3210 | 2 Dotonpaper, Wordpress | 2 Booking System, Wordpress | 2018-10-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php. | |||||
| CVE-2014-3225 | 1 Cobblerd | 1 Cobbler | 2018-10-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. | |||||
| CVE-2014-3418 | 1 Infoblox | 1 Netmri | 2018-10-09 | 10.0 HIGH | N/A |
| config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. | |||||
| CVE-2014-3419 | 1 Infoblox | 1 Netmri | 2018-10-09 | 7.2 HIGH | N/A |
| Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | |||||
| CVE-2014-3427 | 1 Yealink | 1 Voip Phone Firmware | 2018-10-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet. | |||||
| CVE-2014-3428 | 1 Yealink | 2 Voip Phone, Voip Phone Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. | |||||
| CVE-2014-3437 | 1 Symantec | 1 Endpoint Protection Manager | 2018-10-09 | 7.5 HIGH | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-3438 | 1 Symantec | 1 Endpoint Protection Manager | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3439 | 1 Symantec | 1 Endpoint Protection Manager | 2018-10-09 | 6.1 MEDIUM | N/A |
| ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | |||||
| CVE-2014-3450 | 1 Pandasecurity | 4 Panda Av Pro 2014, Panda Global Protection 2014, Panda Gold Protection and 1 more | 2018-10-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-0372 | 1 Oracle | 2 Supply Chain Products Suite, Supply Chain Products Suite Sql-server | 2018-10-09 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others. | |||||
| CVE-2014-0436 | 1 Oracle | 1 Hyperion | 2018-10-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Web Analysis. | |||||
| CVE-2014-0514 | 1 Adobe | 1 Adobe Reader | 2018-10-09 | 9.3 HIGH | N/A |
| The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636. | |||||
| CVE-2014-0647 | 2 Apple, Starbucks | 2 Iphone Os, Starbucks | 2018-10-09 | 2.1 LOW | N/A |
| The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. | |||||
| CVE-2014-0749 | 1 Adaptivecomputing | 1 Torque Resource Manager | 2018-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value. | |||||
| CVE-2014-0793 | 2 Joomla, Stackideas | 2 Joomla\!, Komento | 2018-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI. | |||||
| CVE-2014-0794 | 1 Joomla | 2 Com Jvcomment, Joomla\! | 2018-10-09 | 4.3 MEDIUM | N/A |
| SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php. | |||||
| CVE-2014-0864 | 1 Ibm | 1 Algo Credit Limits | 2018-10-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document. | |||||