Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0604 | 1 Attachmate | 1 Reflection Ftp Client | 2015-02-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method. | |||||
| CVE-2014-9354 | 1 Netapp | 1 Oncommand Balance | 2015-02-09 | 4.0 MEDIUM | N/A |
| NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | |||||
| CVE-2014-8614 | 2015-02-09 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none. | |||||
| CVE-2014-8615 | 2015-02-09 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none. | |||||
| CVE-2015-1479 | 1 Zohocorp | 1 Servicedesk Plus | 2015-02-06 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. | |||||
| CVE-2014-9353 | 1 Netapp | 1 Oncommand Balance | 2015-02-06 | 10.0 HIGH | N/A |
| NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2014-0606 | 2015-02-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0603. Reason: This issue was MERGED into CVE-2014-0603 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0603 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-8272 | 2 Dell, Intel | 4 Idrac6 Modular, Idrac6 Monolithic, Idrac7 and 1 more | 2015-02-05 | 5.0 MEDIUM | N/A |
| The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. | |||||
| CVE-2014-5776 | 1 Playmemoriesonline | 1 Playmemories Online | 2015-02-05 | 5.4 MEDIUM | N/A |
| The PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) application 4.2.0.05070 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-9049 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 4.0 MEDIUM | N/A |
| The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method. | |||||
| CVE-2014-9047 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 4.3 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2014-9048 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 5.0 MEDIUM | N/A |
| The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API. | |||||
| CVE-2014-9045 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 5.0 MEDIUM | N/A |
| The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password. | |||||
| CVE-2014-9046 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 5.0 MEDIUM | N/A |
| The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | |||||
| CVE-2014-9562 | 1 M2 Technologies | 1 Optimalsite | 2015-02-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | |||||
| CVE-2014-9044 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 5.0 MEDIUM | N/A |
| Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack. | |||||
| CVE-2014-9043 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 5.0 MEDIUM | N/A |
| The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. | |||||
| CVE-2014-5341 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 4.3 MEDIUM | N/A |
| The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-9042 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041. | |||||
| CVE-2014-9041 | 1 Owncloud | 1 Owncloud | 2015-02-05 | 6.8 MEDIUM | N/A |
| The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. | |||||
| CVE-2015-1477 | 1 Cmsjunkie | 1 J-classifiedsmanager | 2015-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads. | |||||
| CVE-2015-1478 | 1 Cmsjunkie | 1 J-classifiedsmanager | 2015-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds. | |||||
| CVE-2015-1476 | 1 Ecommercemajor Project | 1 Ecommercemajor | 2015-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php. | |||||
| CVE-2015-1469 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2015-02-04 | 9.0 HIGH | N/A |
| time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. | |||||
| CVE-2015-1460 | 1 Huawei | 10 Quidway Firmware, Quidway S2350, Quidway S2750 and 7 more | 2015-02-04 | 7.5 HIGH | N/A |
| Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. | |||||
| CVE-2015-0930 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2015-02-04 | 10.0 HIGH | N/A |
| The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. | |||||
| CVE-2015-0929 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2015-02-04 | 10.0 HIGH | N/A |
| time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. | |||||
| CVE-2015-0869 | 1 I-o Data Device | 1 Np-bbrm | 2015-02-04 | 7.8 HIGH | N/A |
| I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||||
| CVE-2015-1441 | 1 Piwigo | 1 Piwigo | 2015-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1400 | 1 Npds | 1 Revolution | 2015-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2015-1348 | 1 Arubanetworks | 2 Instant Access Point, Instant Access Point Firmware | 2015-02-04 | 7.8 HIGH | N/A |
| Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. | |||||
| CVE-2014-9633 | 1 Comodo | 1 Backup | 2015-02-04 | 7.5 HIGH | N/A |
| The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |||||
| CVE-2015-1448 | 1 Siemens | 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more | 2015-02-04 | 10.0 HIGH | N/A |
| The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. | |||||
| CVE-2015-1449 | 1 Siemens | 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more | 2015-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-1450 | 1 Restaurantbiller | 1 Restaurant Biller | 2015-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php. | |||||
| CVE-2015-1404 | 1 Content Rating Extbase Project | 1 Content Rating Extbase | 2015-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1402 | 1 Content Rating Project | 1 Content Rating | 2015-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1383 | 1 Geo Mashup Project | 1 Geo Mashup | 2015-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. | |||||
| CVE-2015-1357 | 1 Siemens | 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more | 2015-02-04 | 5.0 MEDIUM | N/A |
| Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. | |||||
| CVE-2015-1030 | 1 Privoxy | 1 Privoxy | 2015-02-04 | 5.0 MEDIUM | N/A |
| Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. | |||||
| CVE-2015-1403 | 1 Content Rating Project | 1 Content Rating | 2015-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1405 | 1 Content Rating Extbase Project | 1 Content Rating Extbase | 2015-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8613 | 1 Freebsd | 1 Freebsd | 2015-02-04 | 7.8 HIGH | N/A |
| The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. | |||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2015-02-04 | 7.5 HIGH | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | |||||
| CVE-2014-7782 | 1 Macedonia Hacienda Hotel Project | 1 Macedonia Hacienda Hotel | 2015-02-04 | 5.4 MEDIUM | N/A |
| The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6382 | 1 Juniper | 11 Junos, Mx10, Mx104 and 8 more | 2015-02-04 | 7.1 HIGH | N/A |
| The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete. | |||||
| CVE-2014-9559 | 1 Snipsnap | 1 Snipsnap | 2015-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search. | |||||
| CVE-2014-7269 | 1 Asus | 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more | 2015-02-04 | 6.5 MEDIUM | N/A |
| ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-0926 | 1 Labtech Software | 1 Labtech | 2015-02-03 | 6.8 MEDIUM | N/A |
| Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | |||||
| CVE-2015-0870 | 1 Nishishi | 1 Fumy News Clipper | 2015-02-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||