Total: 27353 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8741 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. | |||||
CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | |||||
CVE-2014-8673 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPlanning) before 1.33. | |||||
CVE-2014-8650 | 2 Debian, Requests-kerberos Project | 2 Debian Linux, Requests-kerberos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
python-requests-Kerberos through 0.5 does not handle mutual authentication. | |||||
CVE-2014-8579 | 1 Trendnet | 2 Tew-823dru, Tew-823dru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | |||||
CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | |||||
CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||||
CVE-2014-8337 | 1 Helpdezk | 1 Helpdezk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter. | |||||
CVE-2014-8322 | 1 Aircrack-ng | 1 Aircrack-ng | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | |||||
CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | |||||
CVE-2014-8089 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | |||||
CVE-2014-7862 | 1 Zohocorp | 1 Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | |||||
CVE-2014-7257 | 1 Dbd\ | 1 \ | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in DBD::PgPP 0.05 and earlier | |||||
CVE-2014-7236 | 1 Twiki | 1 Twiki | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | |||||
CVE-2014-7175 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. | |||||
CVE-2014-7173 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | |||||
CVE-2014-6617 | 1 Industrial.softing | 2 Fg-100 Pb Profibus, Fg-100 Pb Profibus Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2014-6437 | 1 Aztech | 6 Adsl Dsl5018en (1t1r), Adsl Dsl5018en (1t1r) Firmware, Dsl705e and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. | |||||
CVE-2014-6436 | 1 Aztech | 6 Adsl Dsl5018en (1t1r), Adsl Dsl5018en (1t1r) Firmware, Dsl705e and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | |||||
CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. |