Vulnerabilities (CVE)

Total 243294 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2683 1 Citrix 1 Command Center 2023-12-10 7.5 HIGH N/A
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.
CVE-2012-5502 1 Plone 1 Plone 2023-12-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3937 1 Ajaydsouza 1 Contextual Related Posts 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4661 1 Civicrm 1 Civicrm 2023-12-10 4.9 MEDIUM N/A
CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission.
CVE-2014-6166 1 Ibm 1 Websphere Application Server 2023-12-10 4.3 MEDIUM N/A
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-8109 4 Apache, Canonical, Fedoraproject and 1 more 4 Http Server, Ubuntu Linux, Fedora and 1 more 2023-12-10 4.3 MEDIUM N/A
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
CVE-2014-9395 1 Simplelife Project 1 Simplelife 2023-12-10 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php.
CVE-2014-3854 1 Pyplate 1 Pyplate 2023-12-10 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter.
CVE-2015-1630 1 Microsoft 1 Exchange Server 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."
CVE-2014-5504 1 Solarwinds 1 Log And Event Manager 2023-12-10 7.5 HIGH N/A
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
CVE-2014-8993 1 Open-xchange 1 Open-xchange Appsuite 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
CVE-2014-2789 1 Microsoft 1 Internet Explorer 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804.
CVE-2014-5739 1 Webprancer 1 Garfield\'s Diner 2023-12-10 5.4 MEDIUM N/A
The Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-8136 4 Canonical, Mageia, Opensuse and 1 more 8 Ubuntu Linux, Mageia, Opensuse and 5 more 2023-12-10 2.1 LOW N/A
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
CVE-2015-1498 1 Persistent Systems 1 Radia Client Automation 2023-12-10 10.0 HIGH N/A
Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.
CVE-2014-0505 1 Adobe 1 Shockwave Player 2023-12-10 10.0 HIGH N/A
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2014-7048 1 Bearidlock 1 Bear Id Lock 2023-12-10 5.4 MEDIUM N/A
The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-1327 1 Apple 1 Safari 2023-12-10 6.8 MEDIUM N/A
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
CVE-2015-2316 5 Canonical, Djangoproject, Fedoraproject and 2 more 5 Ubuntu Linux, Django, Fedora and 2 more 2023-12-10 5.0 MEDIUM N/A
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
CVE-2013-5557 1 Cisco 1 Adaptive Security Appliance Software 2023-12-10 6.3 MEDIUM N/A
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577.