CVEs from 2014
- Total: 7,867
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8884 | medium | — | 6.1 | 12y ago | Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial o… | |||
| CVE-2014-7997 | medium | — | 6.1 | 12y ago | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cau… | |||
| CVE-2014-3409 | medium | — | 6.1 | 12y ago | The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device relo… | |||
| CVE-2014-7154 | medium | — | 6.1 | 12y ago | Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a d… | |||
| CVE-2014-3379 | medium | — | 6.1 | 12y ago | Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCu… | |||
| CVE-2014-4406 | medium | 6.1 | 6.1 | 12y ago | Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2388 | medium | — | 6.1 | 12y ago | The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-depe… | |||
| CVE-2014-3322 | medium | — | 6.1 | 12y ago | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via mal… | |||
| CVE-2014-3284 | medium | — | 6.1 | 12y ago | Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | |||
| CVE-2014-3273 | medium | — | 6.1 | 12y ago | The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. | |||
| CVE-2014-1530 | medium | 6.1 | 6.1 | 12y ago | The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL wi… | |||
| CVE-2014-2182 | medium | — | 6.1 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun4… | |||
| CVE-2014-0353 | medium | — | 6.1 | 12y ago | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. | |||
| CVE-2014-2144 | medium | — | 6.1 | 12y ago | Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CS… | |||
| CVE-2014-2131 | medium | — | 6.1 | 12y ago | The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD)… | |||
| CVE-2014-2526 | medium | 6.1 | 6.1 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to … | |||
| CVE-2014-2252 | medium | — | 6.1 | 12y ago | Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability t… | |||
| CVE-2014-2253 | medium | — | 6.1 | 12y ago | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. | |||
| CVE-2014-2309 | medium | — | 6.1 | 12y ago | The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory co… | |||
| CVE-2014-1219 | medium | — | 6.1 | 13y ago | CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end o… | |||
| CVE-2014-0482 | medium | — | 6.0 | 4y ago | The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.R… | |||
| CVE-2014-3476 | medium | — | 6.0 | 4y ago | OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges b… | |||
| CVE-2014-8175 | medium | — | 6.0 | 11y ago | Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | |||
| CVE-2014-9734 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a rev… | |||
| CVE-2014-8605 | medium | — | 6.0 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to … | |||
| CVE-2014-8604 | medium | — | 6.0 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive inform… | |||
| CVE-2014-0999 | medium | — | 6.0 | 11y ago | Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Ref… | |||
| CVE-2014-9261 | medium | — | 6.0 | 11y ago | The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path … | |||
| CVE-2014-7883 | medium | — | 6.0 | 11y ago | HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. | |||
| CVE-2014-8826 | medium | — | 6.0 | 12y ago | LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||
| CVE-2014-9573 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the… | |||
| CVE-2014-8802 | medium | — | 6.0 | 12y ago | The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted … | |||
| CVE-2014-100029 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newt… | |||
| CVE-2014-10010 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pj… | |||
| CVE-2014-100002 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to Wor… | |||
| CVE-2014-9581 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue wa… | |||
| CVE-2014-9436 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | |||
| CVE-2014-9119 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-1908 | medium | — | 6.0 | 12y ago | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attac… | |||
| CVE-2014-6168 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for reque… | |||
| CVE-2014-6187 | medium | — | 6.0 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8… | |||
| CVE-2014-9324 | medium | — | 6.0 | 12y ago | The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vector… | |||
| CVE-2014-8272 | medium | — | 6.0 | 12y ago | The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote at… | |||
| CVE-2014-8270 | medium | — | 6.0 | 12y ago | BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. | |||
| CVE-2014-3058 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users … | |||
| CVE-2014-9350 | medium | — | 6.0 | 12y ago | TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" va… | |||
| CVE-2014-9218 | medium | — | 6.0 | 12y ago | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long p… | |||
| CVE-2014-9302 | medium | — | 6.0 | 12y ago | Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attacke… | |||
| CVE-2014-6034 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.… | |||
| CVE-2014-5446 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read a… | |||
| CVE-2014-5445 | medium | — | 6.0 | 12y ago | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via… | |||
| CVE-2014-8775 | medium | — | 6.0 | 12y ago | MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive informat… | |||
| CVE-2014-9181 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote auth… | |||
| CVE-2014-7816 | medium | — | 6.0 | 12y ago | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow | |||
| CVE-2014-8801 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUER… | |||
| CVE-2014-8799 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (do… | |||
| CVE-2014-9034 | medium | — | 6.0 | 12y ago | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long … | |||
| CVE-2014-9016 | medium | — | 6.0 | 12y ago | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m… | |||
| CVE-2014-8768 | medium | — | 6.0 | 12y ago | Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a… | |||
| CVE-2014-8493 | medium | — | 6.0 | 12y ago | ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. | |||
| CVE-2014-8995 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | |||
| CVE-2014-7992 | medium | — | 6.0 | 12y ago | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, a… | |||
| CVE-2014-2268 | medium | — | 6.0 | 12y ago | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the … | |||
| CVE-2014-8555 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | |||
| CVE-2014-8652 | medium | — | 6.0 | 12y ago | Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681. | |||
| CVE-2014-8657 | medium | — | 6.0 | 12y ago | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via … | |||
| CVE-2014-8655 | medium | — | 6.0 | 12y ago | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via a… | |||
| CVE-2014-0995 | medium | — | 6.0 | 12y ago | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the… | |||
| CVE-2014-4311 | medium | — | 6.0 | 12y ago | Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection a… | |||
| CVE-2014-4839 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 … | |||
| CVE-2014-6251 | medium | — | 6.0 | 12y ago | Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overf… | |||
| CVE-2014-5094 | medium | — | 6.0 | 12y ago | Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. | |||
| CVE-2014-6308 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. | |||
| CVE-2014-8313 | medium | — | 6.0 | 12y ago | Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | |||
| CVE-2014-3663 | medium | — | 6.0 | 12y ago | Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs | |||
| CVE-2014-6483 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unkn… | |||
| CVE-2014-3593 | medium | — | 6.0 | 12y ago | Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | |||
| CVE-2014-5300 | medium | — | 6.0 | 12y ago | Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. | |||
| CVE-2014-2641 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vec… | |||
| CVE-2014-4816 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before … | |||
| CVE-2014-2009 | medium | — | 6.0 | 12y ago | The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | |||
| CVE-2014-4785 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote au… | |||
| CVE-2014-3037 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Softwar… | |||
| CVE-2014-4863 | medium | — | 6.0 | 12y ago | The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP reque… | |||
| CVE-2014-5377 | medium | — | 6.0 | 12y ago | ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | |||
| CVE-2014-5465 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file… | |||
| CVE-2014-5337 | medium | — | 6.0 | 12y ago | The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exporta… | |||
| CVE-2014-3024 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2… | |||
| CVE-2014-3040 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.… | |||
| CVE-2014-5454 | medium | — | 6.0 | 12y ago | Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2014-5368 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows re… | |||
| CVE-2014-5350 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/… | |||
| CVE-2014-5349 | medium | — | 6.0 | 12y ago | Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. | |||
| CVE-2014-5266 | medium | — | 6.0 | 12y ago | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote atta… | |||
| CVE-2014-5185 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edi… | |||
| CVE-2014-5182 | medium | — | 6.0 | 12y ago | Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) … | |||
| CVE-2014-5176 | medium | — | 6.0 | 12y ago | SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2014-0948 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code v… | |||
| CVE-2014-0947 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site. | |||
| CVE-2014-5116 | medium | — | 6.0 | 12y ago | The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. |