Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5283 | 1 Smoothwall | 1 Smoothwall | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. | |||||
| CVE-2011-5284 | 1 Smoothwall | 1 Smoothwall | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. | |||||
| CVE-2012-6654 | 1 Zpanelcp | 1 Zpanel | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a different vulnerability than CVE-2012-5685. | |||||
| CVE-2012-6687 | 1 Fastcgi | 1 Fcgi | 2017-09-08 | 5.0 MEDIUM | N/A |
| FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. | |||||
| CVE-2013-7406 | 1 Mrbs Project | 1 Mrbs | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2017-09-08 | 7.5 HIGH | N/A |
| canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | |||||
| CVE-2013-7417 | 1 Ipcop | 1 Ipcop | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer. | |||||
| CVE-2014-100001 | 1 Seopressor | 1 Seo Plugin Liveoptim | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-100002 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. | |||||
| CVE-2014-100005 | 1 D-link | 2 Dir-60, Dir-600 Firmware | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. | |||||
| CVE-2014-100006 | 1 Webtrees | 1 Webtrees | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) map, (2) streetview, or (3) reset parameter. | |||||
| CVE-2014-100007 | 1 Hk Exif Tags Project | 1 Hk Exif Tags | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-100008 | 1 Joomlaskin | 1 Js Multi Hotel | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2014-10001 | 1 Phpjabbers | 1 Appointment Scheduler | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. | |||||
| CVE-2014-100013 | 1 Clientresponse Project | 1 Clientresponse | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. | |||||
| CVE-2014-100014 | 1 Solidworks | 1 Product Data Management | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. | |||||
| CVE-2014-100015 | 1 Solidworks | 1 Product Data Management | 2017-09-08 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | |||||
| CVE-2014-100016 | 1 Photocati Media | 1 Photocrati | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. | |||||
| CVE-2014-100017 | 1 Phponlinechat | 1 Phponlinechat | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. | |||||
| CVE-2014-100019 | 1 Pomm-project | 1 Pomm | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | |||||
| CVE-2014-100022 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. | |||||
| CVE-2014-100023 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php. | |||||
| CVE-2014-100024 | 1 Seopanel | 1 Seo Panel | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-100025 | 1 Savsoft Technologies | 1 Savsoft Quiz | 2017-09-08 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in index.php/user_data/insert_user in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a crafted request. | |||||
| CVE-2014-100026 | 1 April\'s Super Functions Pack Project | 1 April\'s Super Functions Pack | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-100027 | 1 Getusedtoit | 1 Wp Slimstat | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-100028 | 1 Webcrafted Project | 1 Webcrafted | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. | |||||
| CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2017-09-08 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. | |||||
| CVE-2014-10003 | 1 Maian Script World | 1 Maian Uploader | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. | |||||
| CVE-2014-100030 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. | |||||
| CVE-2014-100031 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | |||||
| CVE-2014-100032 | 1 Airties | 1 Air 6372 | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. | |||||
| CVE-2014-100034 | 1 Licensepal | 1 Arcticdesk | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-100036 | 1 Flatpress | 1 Flatpress | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. | |||||
| CVE-2014-100038 | 1 Storytlr | 1 Storytlr | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/. | |||||
| CVE-2014-10004 | 1 Maianscriptworld | 1 Maian Uploader | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-10007 | 1 Maianscriptworld | 1 Maian Weblog | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php. | |||||
| CVE-2014-10008 | 1 Iwcn | 1 Stark Crm | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page. | |||||
| CVE-2014-10009 | 1 Iwcn | 1 Stark Crm | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page. | |||||
| CVE-2014-10010 | 1 Phpjabbers | 1 Appointment Scheduler | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. | |||||
| CVE-2014-10011 | 1 Trendnet | 2 Tv-ip422w, Tv-ip422wn | 2017-09-08 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. | |||||
| CVE-2014-10012 | 1 Awpcp | 1 Another Wordpress Classifieds Plugin | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. | |||||
| CVE-2014-10013 | 1 Awpcp | 1 Another Wordpress Classifieds Plugin | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. | |||||
| CVE-2014-10014 | 1 Phpjabbers | 1 Event Booking Calendar | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller. | |||||
| CVE-2014-10016 | 1 Welcart | 1 E-commerce | 2017-09-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-10017 | 1 Welcart | 1 E-commerce | 2017-09-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. | |||||
| CVE-2014-10018 | 1 Teracom | 1 T2-b-gawv1.4u10y-bi | 2017-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter. | |||||
| CVE-2014-10019 | 1 Teracom | 1 T2-b-gawv1.4u10y-bi | 2017-09-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request. | |||||
| CVE-2014-10020 | 1 Tecorange | 1 Simple E-document | 2017-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||