Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2680 | 1 Xmind | 1 Xmind | 2024-11-21 | 8.1 High |
| The update process in Xmind 3.4.1 and earlier allows remote attackers to execute arbitrary code via a man-in-the-middle attack. | ||||
| CVE-2014-2675 | 1 Wp-html-sitemap Project | 1 Wp-html-sitemap | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php. | ||||
| CVE-2014-2674 | 1 Ajax-pagination Project | 1 Ajax-pagination | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-2652 | 1 Unify | 1 Openscape Deployment Service | 2024-11-21 | N/A |
| SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-2651 | 1 Atos | 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more | 2024-11-21 | 9.8 Critical |
| Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface. | ||||
| CVE-2014-2650 | 1 Atos | 30 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 27 more | 2024-11-21 | 9.8 Critical |
| Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web-based management interface. | ||||
| CVE-2014-2595 | 1 Barracuda | 1 Web Application Firewall | 2024-11-21 | 9.8 Critical |
| Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | ||||
| CVE-2014-2592 | 1 Arubanetworks | 1 Web Management Portal | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
| CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2024-11-21 | 7.5 High |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | ||||
| CVE-2014-2560 | 1 Phoner | 1 Phonerlite | 2024-11-21 | 7.5 High |
| The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | ||||
| CVE-2014-2552 | 1 Brookinsconsulting | 1 Collected Information Export | 2024-11-21 | N/A |
| Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | ||||
| CVE-2014-2550 | 1 Disable Comments | 1 Disable Comments Project | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. | ||||
| CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2024-11-21 | 4.4 Medium |
| Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities. | ||||
| CVE-2014-2359 | 1 Oleumtech | 4 Ad1, Ad1 Firmware, Ft1 and 1 more | 2024-11-21 | N/A |
| OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data. | ||||
| CVE-2014-2312 | 1 Intel | 1 Thermald | 2024-11-21 | 5.5 Medium |
| The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | ||||
| CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 7.5 High |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. | ||||
| CVE-2014-2302 | 1 Webedition | 1 Webedition Cms | 2024-11-21 | N/A |
| The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. | ||||
| CVE-2014-2297 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. | ||||
| CVE-2014-2296 | 1 Apereo | 1 Cas Server | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. | ||||
| CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | N/A |
| Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | ||||