Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4715 | 1 Yann Collet | 1 Lz4 | 2014-07-17 | 5.0 MEDIUM | N/A |
| Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611. | |||||
| CVE-2014-4740 | | | 2014-07-17 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-4907, CVE-2014-4908. Reason: This candidate is a duplicate of CVE-2014-4907 and CVE-2014-4908. Notes: All CVE users should reference CVE-2014-4907 and/or CVE-2014-4908 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-4907 | 2 Op5, Pnp4nagios | 2 Monitor, Pnp4nagios | 2014-07-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message. | |||||
| CVE-2014-2965 | 1 Spamtitan | 1 Spamtitan | 2014-07-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. | |||||
| CVE-2013-6378 | 1 Linux | 1 Linux Kernel | 2014-07-17 | 4.4 MEDIUM | N/A |
| The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. | |||||
| CVE-2013-6407 | 1 Apache | 1 Solr | 2014-07-17 | 6.4 MEDIUM | N/A |
| The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-6408 | 1 Apache | 1 Solr | 2014-07-17 | 6.4 MEDIUM | N/A |
| The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407. | |||||
| CVE-2014-2938 | 1 Hanon | 5 Faceid, Faceid F710 Firmware, Faceid F810 Firmware and 2 more | 2014-07-16 | 8.3 HIGH | N/A |
| Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. | |||||
| CVE-2014-4154 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2014-07-16 | 5.0 MEDIUM | N/A |
| ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. | |||||
| CVE-2014-4018 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2014-07-16 | 7.8 HIGH | N/A |
| The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-3777 | 1 Reportico | 1 Php Report Designer | 2014-07-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter. | |||||
| CVE-2014-4663 | 1 Binarymoon | 2 Timthumb, Wordthumb | 2014-07-15 | 6.8 MEDIUM | N/A |
| TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. | |||||
| CVE-2014-4031 | 1 Arubanetworks | 1 Clearpass | 2014-07-15 | 4.0 MEDIUM | N/A |
| The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. | |||||
| CVE-2014-1474 | 2 Bestpractical, Email\ | 2 Rt, \ | 2014-07-15 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address. | |||||
| CVE-2014-2955 | 1 Raritan | 2 Dpxr20a-16, Px | 2014-07-15 | 10.0 HIGH | N/A |
| Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||||
| CVE-2014-2951 | 1 Datumsystems | 1 Snip | 2014-07-15 | 10.0 HIGH | N/A |
| Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-2950 | 1 Datumsystems | 1 Snip | 2014-07-15 | 7.8 HIGH | N/A |
| Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands. | |||||
| CVE-2014-2926 | 1 Kaseya | 1 Virtual System Administrator | 2014-07-15 | 1.7 LOW | N/A |
| kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | |||||
| CVE-2014-4946 | 1 Horde | 2 Groupware, Internet Mail Program | 2014-07-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. | |||||
| CVE-2014-4937 | 1 Bookx Plugin Project | 1 Bookx | 2014-07-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2014-07-14 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | |||||
| CVE-2014-4940 | 1 Tera Charts Plugin Project | 1 Tera-charts | 2014-07-14 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. | |||||
| CVE-2014-4945 | 1 Horde | 2 Groupware, Internet Mail Program | 2014-07-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view. | |||||
| CVE-2014-4941 | 1 Cross-rss Plugin Project | 1 Wp-cross-rss | 2014-07-14 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. | |||||
| CVE-2014-4944 | 1 Bannersky | 1 Bsk Pdf Manager | 2014-07-14 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | |||||
| CVE-2014-4942 | 1 Levelfourdevelopment | 1 Wp-easycart | 2014-07-14 | 5.0 MEDIUM | N/A |
| The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2014-4013 | 1 Arubanetworks | 1 Clearpass | 2014-07-14 | 4.9 MEDIUM | N/A |
| SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4938 | 1 Wp Rss Poster Plugin Project | 1 Wp-rss-poster | 2014-07-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | |||||
| CVE-2013-6117 | 1 Dahuasecurity | 1 Dvr Firmware | 2014-07-14 | 7.5 HIGH | N/A |
| Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. | |||||
| CVE-2014-4527 | 1 Envialosimple | 1 Email Marketing Y Newsletters | 2014-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter. | |||||
| CVE-2014-3889 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2014-07-11 | 5.0 MEDIUM | N/A |
| silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnerability than CVE-2014-3890. | |||||
| CVE-2014-4532 | 1 Garagesale Project | 1 Garagesale | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2014-3890 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2014-07-11 | 5.0 MEDIUM | N/A |
| silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889. | |||||
| CVE-2014-4531 | 1 Game Tabs Project | 1 Game Tabs | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter. | |||||
| CVE-2014-4522 | 1 Dssearchagent Project | 1 Dssearchagent | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2014-4524 | 1 Wp Easy Post Types Project | 1 Wp Easy Post Types | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ref parameter. | |||||
| CVE-2014-4526 | 1 Efence Project | 1 Efence | 2014-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter. | |||||
| CVE-2014-4529 | 2 Flash Photo Gallery Project, Wordpress | 2 Flash Photo Gallery, Wordpress | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2014-4574 | 1 Webengage Project | 1 Webengage | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter. | |||||
| CVE-2014-4537 | 1 Keyword Strategy Internal Links Project | 1 Keyword Strategy Internal Links | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter. | |||||
| CVE-2014-4576 | 1 Wordpress Social Login Project | 1 Wordpress Social Login | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter. | |||||
| CVE-2014-4540 | 1 Oleggo Livestream Project | 1 Oleggo Livestream | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2014-4541 | 1 Omfg Mobile Project | 1 Omfg Mobile | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. | |||||
| CVE-2014-4542 | 1 Ooorl Project | 1 Ooorl | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-4597 | 1 Wp Social Invitations Project | 1 Wp Social Invitations | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter. | |||||
| CVE-2014-4547 | 1 Rezgo | 1 Online Booking | 2014-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter. | |||||
| CVE-2014-4591 | 1 Wp Picasa Image Project | 1 Wp Picasa Image | 2014-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | |||||
| CVE-2014-3991 | 1 Dolibarr | 1 Dolibarr | 2014-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php. | |||||
| CVE-2014-3992 | 1 Dolibarr | 1 Dolibarr | 2014-07-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. | |||||
| CVE-2014-3499 | 2 Docker, Fedoraproject | 2 Docker, Fedora | 2014-07-11 | 7.2 HIGH | N/A |
| Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | |||||
