Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6682 | 1 W88235ff7bdc2fb574f1789750ea99ed6 Project | 1 W88235ff7bdc2fb574f1789750ea99ed6 | 2014-10-03 | 5.4 MEDIUM | N/A |
| The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6686 | 1 Zoho | 1 Zoho Books - Accounting App | 2014-10-03 | 5.4 MEDIUM | N/A |
| The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6680 | 1 Superheroquiz Project | 1 Superheroquiz | 2014-10-03 | 5.4 MEDIUM | N/A |
| The superheroquiz (aka com.davidhey.superheroquiz) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6679 | 1 Wepisdparentportal Project | 1 Wepisdparentportal | 2014-10-03 | 5.4 MEDIUM | N/A |
| The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6673 | 1 Zhtiantian | 1 Challengertx | 2014-10-03 | 5.4 MEDIUM | N/A |
| The ChallengerTX (aka com.zhtiantian.ChallengerTX) application 3.9.12.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6674 | 1 Amazighmusic Project | 1 Amazighmusic | 2014-10-03 | 5.4 MEDIUM | N/A |
| The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6667 | 1 Racemotocross Project | 1 Racemotocross | 2014-10-03 | 5.4 MEDIUM | N/A |
| The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-5495 | 1 Plone | 1 Plone | 2014-10-02 | 5.0 MEDIUM | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | |||||
| CVE-2014-6269 | 1 Haproxy | 1 Haproxy | 2014-10-02 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. | |||||
| CVE-2012-5507 | 2 Plone, Zope | 2 Plone, Zope | 2014-10-02 | 4.3 MEDIUM | N/A |
| AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | |||||
| CVE-2014-5959 | 1 Mytx | 1 Tx Smart | 2014-10-02 | 5.4 MEDIUM | N/A |
| The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-5506 | 1 Plone | 1 Plone | 2014-10-02 | 5.0 MEDIUM | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. | |||||
| CVE-2012-5505 | 1 Plone | 1 Plone | 2014-10-02 | 5.0 MEDIUM | N/A |
| atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | |||||
| CVE-2012-5496 | 1 Plone | 1 Plone | 2014-10-02 | 5.0 MEDIUM | N/A |
| kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | |||||
| CVE-2012-5489 | 2 Plone, Zope | 2 Plone, Zope | 2014-10-02 | 6.5 MEDIUM | N/A |
| The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | |||||
| CVE-2012-0811 | 1 Postfix | 1 Postfix | 2014-10-02 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | |||||
| CVE-2014-5444 | 1 Yorba | 1 Geary | 2014-10-02 | 4.3 MEDIUM | N/A |
| Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | |||||
| CVE-2014-7190 | 1 Openfiler | 1 Openfiler | 2014-10-01 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html. | |||||
| CVE-2012-6316 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2014-10-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | |||||
| CVE-2012-5503 | 1 Plone | 1 Plone | 2014-10-01 | 5.0 MEDIUM | N/A |
| ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | |||||
| CVE-2012-5501 | 1 Plone | 1 Plone | 2014-10-01 | 5.0 MEDIUM | N/A |
| at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | |||||
| CVE-2012-5504 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5502 | 1 Plone | 1 Plone | 2014-10-01 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5494 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." | |||||
| CVE-2012-5493 | 1 Plone | 1 Plone | 2014-10-01 | 8.5 HIGH | N/A |
| gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. | |||||
| CVE-2012-5492 | 1 Plone | 1 Plone | 2014-10-01 | 5.0 MEDIUM | N/A |
| uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | |||||
| CVE-2012-5491 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | |||||
| CVE-2012-5490 | 1 Plone | 1 Plone | 2014-10-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5487 | 1 Plone | 1 Plone | 2014-10-01 | 8.5 HIGH | N/A |
| The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. | |||||
| CVE-2014-3823 | 1 Juniper | 1 Junos Pulse Secure Access Service | 2014-10-01 | 4.3 MEDIUM | N/A |
| The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2013-3068 | 1 Cisco | 2 Linksys Wrt310n Router Firmware, Linksys Wrt350n | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. | |||||
| CVE-2013-3083 | 1 Belkin | 1 F5d8236-4 V2 | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. | |||||
| CVE-2013-3092 | 1 Belkin | 2 N300, N300 Firmware | 2014-10-01 | 8.3 HIGH | N/A |
| The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | |||||
| CVE-2013-3086 | 1 Belkin | 2 N900, N900 Firmware | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | |||||
| CVE-2013-3089 | 1 Belkin | 2 N300, N300 Firmware | 2014-10-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | |||||
| CVE-2013-3632 | 1 Openmediavault | 1 Openmediavault | 2014-09-30 | 9.0 HIGH | N/A |
| The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | |||||
| CVE-2014-3811 | 1 Juniper | 2 Juniper Installer Service Client, Junos Pulse Client | 2014-09-30 | 7.2 HIGH | N/A |
| Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2013-3065 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2014-09-30 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. | |||||
| CVE-2013-3066 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2014-09-30 | 7.1 HIGH | N/A |
| Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. | |||||
| CVE-2013-3064 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2014-09-30 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. | |||||
| CVE-2014-6809 | | | 2014-09-30 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6846, CVE-2014-6847. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-6846 and CVE-2014-6847 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-5619 | 1 Sleuthkit | 1 The Sleuth Kit | 2014-09-30 | 2.1 LOW | N/A |
| The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities and makes it more difficult to conduct forensics activities, as demonstrated by Flame. | |||||
| CVE-2014-7152 | 1 Mailchimp | 1 Easy Mailchimp Forms Plugin | 2014-09-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-6445 | 1 Contactus | 1 Contact Form 7 Integrations | 2014-09-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter. | |||||
| CVE-2014-6664 | 1 Latin Angels Music Hd Project | 1 Latin Angels Music Hd | 2014-09-29 | 5.4 MEDIUM | N/A |
| The Latin Angels Music HD (aka com.applizards.lafreetj) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6685 | 1 Netjapan | 1 Tsushima Travel Guide | 2014-09-29 | 5.4 MEDIUM | N/A |
| The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6684 | 1 Mol | 1 Mol Bringapont | 2014-09-29 | 5.4 MEDIUM | N/A |
| The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6683 | 1 Openelectrical | 1 Open Electrical Webser | 2014-09-29 | 5.4 MEDIUM | N/A |
| The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6681 | 1 Wordbox | 1 Mahabharata Audiocast | 2014-09-29 | 5.4 MEDIUM | N/A |
| The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6678 | 1 Wordbox | 1 Algeria Radio | 2014-09-29 | 5.4 MEDIUM | N/A |
| The Algeria Radio (aka com.wordbox.algeriaRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
