CVEs from 2014
Total
7,915
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.6%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-1979 | medium | — | 6.8 | 12y ago | The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail e… | |
| CVE-2014-1502 | medium | — | 6.8 | 12y ago | The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and… | |
| CVE-2014-2241 | medium | — | 6.8 | 12y ago | The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to c… | |
| CVE-2014-0873 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before… | |
| CVE-2014-2047 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vect… | |
| CVE-2014-1294 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |
| CVE-2014-1293 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |
| CVE-2014-1292 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |
| CVE-2014-1291 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |
| CVE-2014-1290 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |
| CVE-2014-1289 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |
| CVE-2014-1275 | medium | — | 6.8 | 12y ago | Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data… | |
| CVE-2014-0779 | medium | — | 6.8 | 12y ago | The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.456… | |
| CVE-2014-2317 | medium | — | 6.8 | 12y ago | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained f… | |
| CVE-2014-0336 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that u… | |
| CVE-2014-0036 | medium | — | 6.8 | 12y ago | rbovirt uses the rest-client gem with SSL verification disabled | |
| CVE-2014-1886 | medium | — | 6.8 | 12y ago | The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage reso… | |
| CVE-2014-2089 | medium | — | 6.8 | 12y ago | ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | |
| CVE-2014-2099 | medium | — | 6.8 | 12y ago | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array ac… | |
| CVE-2014-2098 | medium | — | 6.8 | 12y ago | libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or po… | |
| CVE-2014-2097 | medium | — | 6.8 | 12y ago | The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out… | |
| CVE-2014-2263 | medium | — | 6.8 | 12y ago | The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vecto… | |
| CVE-2014-0774 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS3… | |
| CVE-2014-2103 | medium | — | 6.8 | 12y ago | Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. | |
| CVE-2014-1270 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1269 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1268 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1260 | medium | — | 6.8 | 12y ago | QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. | |
| CVE-2014-1259 | medium | — | 6.8 | 12y ago | Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. | |
| CVE-2014-1258 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | |
| CVE-2014-1254 | medium | — | 6.8 | 12y ago | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in … | |
| CVE-2014-0747 | medium | — | 6.8 | 12y ago | The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF … | |
| CVE-2014-0745 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of a… | |
| CVE-2014-0740 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified C… | |
| CVE-2014-0730 | medium | — | 6.8 | 12y ago | Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. | |
| CVE-2014-0736 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote att… | |
| CVE-2014-0080 | medium | — | 6.8 | 12y ago | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, al… | |
| CVE-2014-0813 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. | |
| CVE-2014-1915 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests t… | |
| CVE-2014-1694 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ … | |
| CVE-2014-0831 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary us… | |
| CVE-2014-0835 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console… | |
| CVE-2014-1683 | medium | — | 6.8 | 13y ago | The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary … | |
| CVE-2014-0751 | medium | — | 6.8 | 13y ago | The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code… | |
| CVE-2014-1670 | medium | — | 6.8 | 13y ago | The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. | |
| CVE-2014-0674 | medium | — | 6.8 | 13y ago | Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause… | |
| CVE-2014-0676 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. | |
| CVE-2014-0010 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allo… | |
| CVE-2014-1211 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | |
| CVE-2014-1473 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of use… | |
| CVE-2014-0664 | medium | — | 6.8 | 13y ago | The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. | |
| CVE-2014-0621 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that … | |
| CVE-2014-0791 | medium | — | 6.8 | 13y ago | Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly h… | |
| CVE-2014-3124 | medium | — | 6.7 | 12y ago | The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separa… | |
| CVE-2014-6518 | medium | — | 6.6 | 12y ago | Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). | |
| CVE-2014-2355 | medium | — | 6.6 | 12y ago | The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. | |
| CVE-2014-6602 | medium | — | 6.6 | 12y ago | Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or d… | |
| CVE-2014-0960 | medium | — | 6.6 | 12y ago | IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed … | |
| CVE-2014-2172 | medium | — | 6.6 | 12y ago | Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for interna… | |
| CVE-2014-2408 | medium | — | 6.6 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity vi… | |
| CVE-2014-0323 | medium | — | 6.6 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo… | |
| CVE-2014-0106 | medium | — | 6.6 | 12y ago | Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended co… | |
| CVE-2014-3250 | medium | 6.5 | 6.5 | 9y ago | The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certi… | |
| CVE-2014-7813 | medium | 6.5 | 6.5 | 9y ago | Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack … | |
| CVE-2014-9092 | medium | 6.5 | 6.5 | 9y ago | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | |
| CVE-2014-8163 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | |
| CVE-2014-9701 | medium | 6.5 | 6.5 | 9y ago | Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page… | |
| CVE-2014-8127 | medium | 6.5 | 6.5 | 9y ago | LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, … | |
| CVE-2014-9907 | medium | 6.5 | 6.5 | 9y ago | coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | |
| CVE-2014-9837 | medium | 6.5 | 6.5 | 9y ago | coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. | |
| CVE-2014-8354 | medium | 6.5 | 6.5 | 9y ago | The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |
| CVE-2014-9829 | medium | 6.5 | 6.5 | 9y ago | coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. | |
| CVE-2014-9691 | medium | 6.5 | 6.5 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |
| CVE-2014-0229 | medium | 6.5 | 6.5 | 9y ago | Improper Authentication in Apache Hadoop | |
| CVE-2014-2146 | medium | 6.5 | 6.5 | 10y ago | The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attack… | |
| CVE-2014-8177 | medium | 6.5 | 6.5 | 10y ago | The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted… | |
| CVE-2014-3672 | medium | 6.5 | 6.5 | 10y ago | The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |
| CVE-2014-9655 | medium | 6.5 | 6.5 | 10y ago | The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via … | |
| CVE-2014-9752 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file wit… | |
| CVE-2014-9229 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL … | |
| CVE-2014-8603 | medium | — | 6.5 | 11y ago | cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating… | |
| CVE-2014-2130 | medium | — | 6.5 | 11y ago | Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configu… | |
| CVE-2014-8115 | medium | — | 6.5 | 11y ago | The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspeci… | |
| CVE-2014-8630 | medium | — | 6.5 | 12y ago | Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcompon… | |
| CVE-2014-7269 | medium | — | 6.5 | 12y ago | ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N6… | |
| CVE-2014-6578 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrit… | |
| CVE-2014-7289 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 a… | |
| CVE-2014-6480 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vecto… | |
| CVE-2014-7814 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | |
| CVE-2014-9595 | medium | — | 6.5 | 12y ago | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… | |
| CVE-2014-9594 | medium | — | 6.5 | 12y ago | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… | |
| CVE-2014-9308 | medium | — | 6.5 | 12y ago | Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to … | |
| CVE-2014-10034 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parame… | |
| CVE-2014-10033 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands… | |
| CVE-2014-10032 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | |
| CVE-2014-8027 | medium | — | 6.5 | 12y ago | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via … | |
| CVE-2014-9457 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. | |
| CVE-2014-9442 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a … | |
| CVE-2014-9435 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userI… | |
| CVE-2014-8810 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter… |