CVEs from 2014
Total: 7,915
- critical 837
- high 1,288
- medium 4,980
- low 583
% Critical: 10.6%
% with KEV: 0.4%
% with exploit: 0.6%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-0487 | high | — | 7.5 | 12y ago | APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | |
| CVE-2014-8350 | high | — | 7.5 | 12y ago | Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | |
| CVE-2014-5271 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 al… | |
| CVE-2014-3634 | high | — | 7.5 | 12y ago | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact … | |
| CVE-2014-2015 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow a… | |
| CVE-2014-8244 | high | — | 7.5 | 12y ago | Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,… | |
| CVE-2014-8509 | high | — | 7.5 | 12y ago | The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Imprope… | |
| CVE-2014-8081 | high | — | 7.5 | 12y ago | lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | |
| CVE-2014-3446 | high | — | 7.5 | 12y ago | SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | |
| CVE-2014-8533 | high | — | 7.5 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. | |
| CVE-2014-8530 | high | — | 7.5 | 12y ago | Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown … | |
| CVE-2014-8522 | high | — | 7.5 | 12y ago | The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. | |
| CVE-2014-3669 | high | — | 7.5 | 12y ago | Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of servic… | |
| CVE-2014-8506 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. | |
| CVE-2014-5520 | high | — | 7.5 | 12y ago | SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly ha… | |
| CVE-2014-6037 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a … | |
| CVE-2014-1927 | high | — | 7.5 | 12y ago | The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as … | |
| CVE-2014-3677 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. | |
| CVE-2014-3676 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." | |
| CVE-2014-5006 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/… | |
| CVE-2014-5005 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an L… | |
| CVE-2014-7140 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote … | |
| CVE-2014-8366 | high | — | 7.5 | 12y ago | SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |
| CVE-2014-8363 | high | — | 7.5 | 12y ago | SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |
| CVE-2014-2081 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbit… | |
| CVE-2014-4840 | high | — | 7.5 | 12y ago | IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. | |
| CVE-2014-4427 | high | — | 7.5 | 12y ago | App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. | |
| CVE-2014-2063 | high | — | 7.5 | 12y ago | Jenkins Vulnerable to Clickjacking | |
| CVE-2014-8306 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated … | |
| CVE-2014-8240 | high | — | 7.5 | 12y ago | Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-base… | |
| CVE-2014-3666 | high | — | 7.5 | 12y ago | Jenkins allows for Code Execution via Crafted Packet to the CLI | |
| CVE-2014-3704 | high | — | 7.5 | 12y ago | The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection att… | |
| CVE-2014-6500 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERV… | |
| CVE-2014-6491 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER… | |
| CVE-2014-4278 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality… | |
| CVE-2014-4276 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). | |
| CVE-2014-8295 | high | — | 7.5 | 12y ago | SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |
| CVE-2014-8294 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username o… | |
| CVE-2014-1581 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary cod… | |
| CVE-2014-1578 | high | — | 7.5 | 12y ago | The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and appl… | |
| CVE-2014-1576 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbit… | |
| CVE-2014-1575 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |
| CVE-2014-1574 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of s… | |
| CVE-2014-8766 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified p… | |
| CVE-2014-6379 | high | — | 7.5 | 12y ago | Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, … | |
| CVE-2014-7201 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to … | |
| CVE-2014-4313 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field. | |
| CVE-2014-4872 | high | — | 7.5 | 12y ago | BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configur… | |
| CVE-2014-7226 | high | — | 7.5 | 12y ago | The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are in… | |
| CVE-2014-5297 | high | — | 7.5 | 12y ago | The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSR… | |
| CVE-2014-2649 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |
| CVE-2014-2638 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. | |
| CVE-2014-2637 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. | |
| CVE-2014-2636 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. | |
| CVE-2014-2635 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. | |
| CVE-2014-7984 | high | — | 7.5 | 12y ago | Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. | |
| CVE-2014-7981 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-6632 | high | — | 7.5 | 12y ago | Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | |
| CVE-2014-6394 | high | — | 7.5 | 12y ago | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as d… | |
| CVE-2014-7967 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unkn… | |
| CVE-2014-3200 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |
| CVE-2014-3196 | high | — | 7.5 | 12y ago | base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox prote… | |
| CVE-2014-3194 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via… | |
| CVE-2014-3193 | high | — | 7.5 | 12y ago | The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possi… | |
| CVE-2014-3192 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.212… | |
| CVE-2014-3191 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaSc… | |
| CVE-2014-3190 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of servic… | |
| CVE-2014-3189 | high | — | 7.5 | 12y ago | The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers t… | |
| CVE-2014-7299 | high | — | 7.5 | 12y ago | Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain … | |
| CVE-2014-6607 | high | — | 7.5 | 12y ago | M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and… | |
| CVE-2014-6389 | high | — | 7.5 | 12y ago | backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. | |
| CVE-2014-4043 | high | — | 7.5 | 12y ago | The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-… | |
| CVE-2014-2044 | high | — | 7.5 | 12y ago | Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbi… | |
| CVE-2014-5389 | high | — | 7.5 | 12y ago | SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content typ… | |
| CVE-2014-0074 | high | — | 7.5 | 12y ago | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | |
| CVE-2014-3396 | high | — | 7.5 | 12y ago | Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via t… | |
| CVE-2014-6298 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then access… | |
| CVE-2014-6295 | high | — | 7.5 | 12y ago | WEC Map (wec_map) extension for TYPO3 allows SQL Injection | |
| CVE-2014-6293 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild i… | |
| CVE-2014-6290 | high | — | 7.5 | 12y ago | The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | |
| CVE-2014-6289 | high | — | 7.5 | 12y ago | yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions | |
| CVE-2014-6288 | high | — | 7.5 | 12y ago | TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism | |
| CVE-2014-3947 | high | — | 7.5 | 12y ago | TYPO3 powermail extension has unrestricted file upload vulnerability | |
| CVE-2014-6051 | high | — | 7.5 | 12y ago | Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code … | |
| CVE-2014-6446 | high | — | 7.5 | 12y ago | The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via … | |
| CVE-2014-1568 | high | — | 7.5 | 12y ago | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x befo… | |
| CVE-2014-4424 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vector… | |
| CVE-2014-2376 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vector… | |
| CVE-2014-5440 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password para… | |
| CVE-2014-2008 | high | — | 7.5 | 12y ago | SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |
| CVE-2014-4811 | high | — | 7.5 | 12y ago | IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a di… | |
| CVE-2014-6241 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-6239 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-6236 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. | |
| CVE-2014-6235 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | |
| CVE-2014-6233 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-6231 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | |
| CVE-2014-5519 | high | — | 7.5 | 12y ago | The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of the… | |
| CVE-2014-2223 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a… | |
| CVE-2014-3179 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |