CVEs from 2014
Total
7,867
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8018 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers… | |||
| CVE-2014-3410 | medium | — | 4.3 | 12y ago | The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and the… | |||
| CVE-2014-5212 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn paramete… | |||
| CVE-2014-9135 | medium | — | 4.3 | 12y ago | The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted… | |||
| CVE-2014-8793 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_… | |||
| CVE-2014-8724 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2014-2716 | medium | — | 4.3 | 12y ago | Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers t… | |||
| CVE-2014-2026 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to… | |||
| CVE-2014-7268 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2014-8902 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, an… | |||
| CVE-2014-6171 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 … | |||
| CVE-2014-8012 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted… | |||
| CVE-2014-6174 | medium | — | 4.3 | 12y ago | IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||
| CVE-2014-6167 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers … | |||
| CVE-2014-6166 | medium | — | 4.3 | 12y ago | The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote a… | |||
| CVE-2014-6076 | medium | — | 4.3 | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a cra… | |||
| CVE-2014-9253 | medium | — | 4.3 | 12y ago | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF… | |||
| CVE-2014-8006 | medium | — | 4.3 | 12y ago | The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bu… | |||
| CVE-2014-8247 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecif… | |||
| CVE-2014-6176 | medium | — | 4.3 | 12y ago | IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL s… | |||
| CVE-2014-8751 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) na… | |||
| CVE-2014-5466 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrar… | |||
| CVE-2014-6254 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device det… | |||
| CVE-2014-3364 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-4633 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4628 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7265 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4815 | medium | — | 4.3 | 12y ago | Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-7263 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261. | |||
| CVE-2014-7262 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string. | |||
| CVE-2014-7261 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of … | |||
| CVE-2014-7852 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handl… | |||
| CVE-2014-8632 | medium | — | 4.3 | 12y ago | The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass in… | |||
| CVE-2014-8631 | medium | — | 4.3 | 12y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object … | |||
| CVE-2014-1591 | medium | — | 4.3 | 12y ago | Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after… | |||
| CVE-2014-1590 | medium | — | 4.3 | 12y ago | The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of … | |||
| CVE-2014-8602 | medium | — | 4.3 | 12y ago | iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite numbe… | |||
| CVE-2014-6368 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||
| CVE-2014-6365 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerabi… | |||
| CVE-2014-6326 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS V… | |||
| CVE-2014-6325 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS V… | |||
| CVE-2014-9364 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via uns… | |||
| CVE-2014-9361 | medium | — | 4.3 | 12y ago | The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privi… | |||
| CVE-2014-9120 | medium | — | 4.3 | 12y ago | Subrion CMS Cross-site scripting in search | |||
| CVE-2014-8091 | medium | — | 4.3 | 12y ago | X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value… | |||
| CVE-2014-8488 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionali… | |||
| CVE-2014-8730 | medium | — | 4.3 | 12y ago | The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge … | |||
| CVE-2014-9352 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2014-9281 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field. | |||
| CVE-2014-9270 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary … | |||
| CVE-2014-9342 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2014-9219 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2014-8600 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web s… | |||
| CVE-2014-8371 | medium | — | 4.3 | 12y ago | VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, whic… | |||
| CVE-2014-3797 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3616 | medium | — | 4.3 | 12y ago | nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote at… | |||
| CVE-2014-7258 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2014-9212 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an emai… | |||
| CVE-2014-3988 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name … | |||
| CVE-2014-9182 | medium | — | 4.3 | 12y ago | models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. | |||
| CVE-2014-9176 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.ph… | |||
| CVE-2014-9174 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or … | |||
| CVE-2014-9153 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter … | |||
| CVE-2014-7291 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. | |||
| CVE-2014-5237 | medium | — | 4.3 | 12y ago | Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger re… | |||
| CVE-2014-8958 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script… | |||
| CVE-2014-7850 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. | |||
| CVE-2014-4883 | medium | — | 4.3 | 12y ago | resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for… | |||
| CVE-2014-4832 | medium | — | 4.3 | 12y ago | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensi… | |||
| CVE-2014-9103 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array … | |||
| CVE-2014-9100 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_ads… | |||
| CVE-2014-6196 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attack… | |||
| CVE-2014-9039 | medium | — | 4.3 | 12y ago | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that rec… | |||
| CVE-2014-9036 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a c… | |||
| CVE-2014-9035 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script o… | |||
| CVE-2014-9032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2014-9031 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2014-9059 | medium | — | 4.3 | 12y ago | Moodle does not provide charset information in HTTP headers | |||
| CVE-2014-5326 | medium | — | 4.3 | 12y ago | Improper Neutralization of Input During Web Page Generation in Direct Web Remoting | |||
| CVE-2014-8683 | medium | — | 4.3 | 12y ago | Cross-site Scripting in Gogs in gogs.io/gogs | |||
| CVE-2014-8539 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.… | |||
| CVE-2014-9021 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69… | |||
| CVE-2014-9020 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter i… | |||
| CVE-2014-8996 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.… | |||
| CVE-2014-8629 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to i… | |||
| CVE-2014-7290 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dl… | |||
| CVE-2014-8475 | medium | — | 4.3 | 12y ago | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attacker… | |||
| CVE-2014-6107 | medium | — | 4.3 | 12y ago | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. | |||
| CVE-2014-6105 | medium | — | 4.3 | 12y ago | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2014-6096 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2014-8955 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject … | |||
| CVE-2014-8732 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3629 | medium | — | 4.3 | 12y ago | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | |||
| CVE-2014-3502 | medium | — | 4.3 | 12y ago | Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. | |||
| CVE-2014-3501 | medium | — | 4.3 | 12y ago | Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. | |||
| CVE-2014-3707 | medium | — | 4.3 | 12y ago | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out… | |||
| CVE-2014-7248 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. | |||
| CVE-2014-7991 | medium | — | 4.3 | 12y ago | The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which … | |||
| CVE-2014-8557 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an edita… | |||
| CVE-2014-6350 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than C… |