Total
246391 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8079 | 1 Drupal | 1 Mayo | 2023-12-10 | 4.0 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to header background setting. | |||||
CVE-2014-2485 | 1 Oracle | 1 Siebel Crm | 2023-12-10 | 1.4 LOW | N/A |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services. | |||||
CVE-2014-2114 | 1 Cisco | 1 Emergency Responder | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. | |||||
CVE-2014-9177 | 1 Svnlabs | 1 Html5 Mp3 Player With Playlist Free | 2023-12-10 | 5.0 MEDIUM | N/A |
The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. | |||||
CVE-2014-4036 | 1 Impresscms | 1 Impresscms | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. | |||||
CVE-2015-1594 | 1 Siemens | 5 Simatic Cfc, Simatic Prosave, Simatic Step 7 and 2 more | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. | |||||
CVE-2015-0932 | 1 Antlabs | 7 Inngate Ig 3.00 E, Inngate Ig 3.01 E, Inngate Ig 3.02 E and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | |||||
CVE-2014-4890 | 1 Magzter | 1 Nano Digest | 2023-12-10 | 5.4 MEDIUM | N/A |
The Nano Digest (aka com.magzter.nanodigest) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7086 | 1 Killer Screen Lock Project | 1 Killer Screen Lock | 2023-12-10 | 5.4 MEDIUM | N/A |
The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6029 | 1 Torrentflux Project | 1 Torrentflux | 2023-12-10 | 4.9 MEDIUM | N/A |
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php. | |||||
CVE-2014-2044 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. | |||||
CVE-2013-7247 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2023-12-10 | 5.0 MEDIUM | N/A |
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | |||||
CVE-2015-0393 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 6.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that the PUBLIC role is granted the INDEX privilege for the DUAL table during a "seeded install," which allows remote authenticated users to gain SYSDBA privileges and execute arbitrary code. | |||||
CVE-2014-4247 | 1 Oracle | 2 Jdk, Jre | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | |||||
CVE-2014-8728 | 1 Subex | 1 Roc Fraud Management System | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter. | |||||
CVE-2015-0519 | 1 Emc | 1 Captiva Capture | 2023-12-10 | 2.1 LOW | N/A |
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2014-7310 | 1 Ali Visual Project | 1 Ali Visual | 2023-12-10 | 5.4 MEDIUM | N/A |
The Ali Visual (aka com.ali.visual) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6334 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability." | |||||
CVE-2014-7460 | 1 Superluckycasino | 1 Slots Heaven\ | 2023-12-10 | 5.4 MEDIUM | N/A |
The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-2900 | 1 Yassl | 1 Cyassl | 2023-12-10 | 5.8 MEDIUM | N/A |
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. |