Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0186 | 1 Redhat | 1 Enterprise Linux | 2014-06-16 | 5.0 MEDIUM | N/A |
| A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression. | |||||
| CVE-2014-3782 | 1 Dotclear | 1 Dotclear | 2014-06-12 | 6.0 MEDIUM | N/A |
| Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension. | |||||
| CVE-2013-2602 | 1 Myheritage | 1 Sequeryobject Activex Control | 2014-06-09 | 9.3 HIGH | N/A |
| Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokensValuesArray parameter to the AddTokens method; (3) seLastNameTokensArray parameter to the AddLastNameTokens method; (4) seFrameIdArray, (5) seSourceIdArray, (6) seHasBreakdownArray, (7) seIsIndexedArray, (8) seAllConcatArray, (9) seRefererURLArray, or (10) seMandatoryFieldsArray parameter to the AddMultipleSearches method; (11) seSourceIdArray, (12) seIsIndexedArray, (13) seAllConcatArray, (14) seRefererURLArray, (15) seQATestsArray, (16) seAllSourceIDsArray, (17) seAllSourceTitlesArray, (18) seMandatoryFieldsArray, or (19) seAllSourceRootURLArray parameter to the TestYourself method. | |||||
| CVE-2013-0250 | 1 Corosync | 1 Corosync | 2014-06-09 | 5.0 MEDIUM | N/A |
| The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2014-2056 | 2 Owncloud, Phpdocx | 2 Owncloud, Phpdocx | 2014-06-04 | 7.5 HIGH | N/A |
| PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||
| CVE-2014-2055 | 2 Fruux, Owncloud | 2 Sabredav, Owncloud | 2014-06-04 | 7.5 HIGH | N/A |
| SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||
| CVE-2014-2054 | 2 Owncloud, Phpexcel Project | 2 Owncloud, Phpexcel | 2014-06-04 | 7.5 HIGH | N/A |
| PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||
| CVE-2012-5057 | 1 Owncloud | 1 Owncloud | 2014-06-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | |||||
| CVE-2013-7387 | 1 Dleviet | 1 Datalife Engine | 2014-06-03 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. | |||||
| CVE-2012-5395 | 1 Mediawiki | 1 Mediawiki | 2014-06-03 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. | |||||
| CVE-2006-2465 | 1 Mp3info | 1 Mp3info | 2014-05-31 | 5.1 MEDIUM | N/A |
| Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability. | |||||
| CVE-2013-2225 | 1 Glpi-project | 1 Glpi | 2014-05-28 | 6.4 MEDIUM | N/A |
| inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. | |||||
| CVE-2014-2201 | 1 Cisco | 7 Mds 9000, Mds 9100, Nexus 7000 and 4 more | 2014-05-27 | 7.8 HIGH | N/A |
| The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915. | |||||
| CVE-2013-7384 | 1 Unrealircd | 1 Unrealircd | 2014-05-19 | 5.0 MEDIUM | N/A |
| UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types. | |||||
| CVE-2013-4489 | 1 Gitlab | 1 Gitlab | 2014-05-19 | 6.5 MEDIUM | N/A |
| The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature. | |||||
| CVE-2013-4468 | 1 Vicidial | 1 Vicidial | 2014-05-15 | 6.5 MEDIUM | N/A |
| VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php. | |||||
| CVE-2013-4546 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2014-05-14 | 6.5 MEDIUM | N/A |
| The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. | |||||
| CVE-2013-4490 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2014-05-14 | 6.5 MEDIUM | N/A |
| The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key. | |||||
| CVE-2013-5671 | 1 Mark Evans | 1 Fog-dragonfly | 2014-05-13 | 7.5 HIGH | N/A |
| lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-4570 | 1 Mediawiki | 1 Mediawiki | 2014-05-12 | 5.0 MEDIUM | N/A |
| The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function. | |||||
| CVE-2014-2888 | 1 Herry | 1 Sfpagent | 2014-05-10 | 7.5 HIGH | N/A |
| lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. | |||||
| CVE-2014-2322 | 1 Dynamixsolutions | 1 Arabic Prawn | 2014-05-05 | 7.5 HIGH | N/A |
| lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. | |||||
| CVE-2013-7220 | 1 Gnome | 1 Gnome-shell | 2014-04-29 | 4.6 MEDIUM | N/A |
| js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | |||||
| CVE-2014-1216 | 1 Fitnesse | 1 Fitnesse Wiki | 2014-04-22 | 7.5 HIGH | N/A |
| FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. | |||||
| CVE-2011-4195 | 1 Suse | 3 Kiwi, Studio Extension For System Z, Studio Onsite | 2014-04-17 | 7.5 HIGH | N/A |
| kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. | |||||
| CVE-2011-4192 | 1 Suse | 3 Kiwi, Studio Extension For System Z, Studio Onsite | 2014-04-17 | 7.5 HIGH | N/A |
| kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." | |||||
| CVE-2011-3180 | 1 Suse | 3 Kiwi, Studio Extension For System Z, Studio Onsite | 2014-04-17 | 7.5 HIGH | N/A |
| kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. | |||||
| CVE-2011-3628 | 1 Canonical | 2 Libpam-modules, Ubuntu Linux | 2014-04-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname. | |||||
| CVE-2014-2868 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 7.5 HIGH | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable. | |||||
| CVE-2014-2867 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors. | |||||
| CVE-2014-2861 | 1 Paperthin | 1 Commonspot Content Server | 2014-04-16 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string. | |||||
| CVE-2014-0342 | 1 Pivotx | 1 Pivotx | 2014-04-15 | 7.5 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors. | |||||
| CVE-2014-0773 | 1 Advantech | 1 Advantech Webaccess | 2014-04-14 | 7.5 HIGH | N/A |
| The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. | |||||
| CVE-2014-0343 | 1 Virtualaccess | 2 Gw6110a, Gw6110a Firmware | 2014-03-26 | 4.9 MEDIUM | N/A |
| The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable. | |||||
| CVE-2013-5014 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2014-03-26 | 7.5 HIGH | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-1851 | 1 Owncloud | 1 Owncloud | 2014-03-26 | 3.5 LOW | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors. | |||||
| CVE-2013-2089 | 1 Owncloud | 1 Owncloud | 2014-03-17 | 4.6 MEDIUM | N/A |
| Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. | |||||
| CVE-2014-1286 | 1 Apple | 1 Iphone Os | 2014-03-14 | 5.0 MEDIUM | N/A |
| SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. | |||||
| CVE-2014-2093 | 1 Catfish Project | 1 Catfish | 2014-03-11 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory. | |||||
| CVE-2014-2096 | 1 Catfish Project | 1 Catfish | 2014-03-11 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory. | |||||
| CVE-2014-2095 | 1 Catfish Project | 1 Catfish | 2014-03-11 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory. | |||||
| CVE-2014-2094 | 1 Catfish Project | 1 Catfish | 2014-03-11 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory. | |||||
| CVE-2013-6432 | 1 Linux | 1 Linux Kernel | 2014-03-06 | 4.6 MEDIUM | N/A |
| The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application. | |||||
| CVE-2013-6631 | 1 Google | 1 Chrome | 2014-03-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call. | |||||
| CVE-2012-2652 | 1 Qemu | 1 Qemu | 2014-03-06 | 4.4 MEDIUM | N/A |
| The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. | |||||
| CVE-2014-2088 | 1 Ilias | 1 Ilias | 2014-03-03 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname. | |||||
| CVE-2014-0759 | 1 Schneider-electric | 1 Floating License Manager | 2014-02-28 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | |||||
| CVE-2013-2824 | 1 Schneider-electric | 4 Citectscada, Powerlogic Scada, Struxureware Powerscada Expert and 1 more | 2014-02-26 | 7.8 HIGH | N/A |
| Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet. | |||||
| CVE-2013-4898 | 2 Socialengine, Webhive | 2 Socialengine, Timeline | 2014-02-21 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/. | |||||
| CVE-2014-0039 | 1 Cipherdyne | 1 Fwsnort | 2014-02-21 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory. | |||||