Vulnerabilities (CVE)

Total 27353 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8741 1 Lexmark 1 Markvision Enterprise 2024-11-21 10.0 HIGH 9.8 CRITICAL
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2014-8739 2 Creative-solutions, Jquery File Upload Project 2 Creative Contact Form, Jquery File Upload 2024-11-21 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
CVE-2014-8673 1 Soplanning 1 Soplanning 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
CVE-2014-8650 2 Debian, Requests-kerberos Project 2 Debian Linux, Requests-kerberos 2024-11-21 7.5 HIGH 9.8 CRITICAL
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-8579 1 Trendnet 2 Tew-823dru, Tew-823dru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
CVE-2014-8563 1 Synacor 1 Zimbra Collaboration Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.
CVE-2014-8516 1 Cloudfastpath 1 Netcharts Server 2024-11-21 10.0 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVE-2014-8337 1 Helpdezk 1 Helpdezk 2024-11-21 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2014-8322 1 Aircrack-ng 1 Aircrack-ng 2024-11-21 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.
CVE-2014-8164 1 Redhat 1 Cloudforms Management Engine 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.
CVE-2014-8089 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
CVE-2014-7862 1 Zohocorp 1 Desktop Central 2024-11-21 7.5 HIGH 9.8 CRITICAL
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
CVE-2014-7257 1 Dbd\ 1 \ 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in DBD::PgPP 0.05 and earlier
CVE-2014-7236 1 Twiki 1 Twiki 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
CVE-2014-7175 1 Farsite 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
CVE-2014-7173 1 Farsite 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
CVE-2014-6617 1 Industrial.softing 2 Fg-100 Pb Profibus, Fg-100 Pb Profibus Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2014-6437 1 Aztech 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
CVE-2014-6436 1 Aztech 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
CVE-2014-6311 2 Debian, Vanderbilt 2 Debian Linux, Adaptive Communication Environment 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.