Total
27305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2293 | 1 Zikula | 1 Zikula Application Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. | |||||
| CVE-2014-2228 | 1 Talend | 1 Restlet | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | |||||
| CVE-2014-2073 | 1 3ds | 1 Catia | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus." | |||||
| CVE-2014-2072 | 1 3ds | 1 Catia | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | |||||
| CVE-2014-2048 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | |||||
| CVE-2014-2025 | 1 Unitedplanet | 1 Intrexx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors. | |||||
| CVE-2014-1925 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. | |||||
| CVE-2014-1924 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||||
| CVE-2014-1860 | 1 Contao | 1 Contao Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | |||||
| CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | |||||
| CVE-2014-1598 | 1 Centurystar Project | 1 Centurystar | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| centurystar 7.12 ActiveX Control has a Stack Buffer Overflow | |||||
| CVE-2014-1427 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 4.3 MEDIUM | 9.6 CRITICAL |
| A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1409 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords | |||||
| CVE-2014-10390 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. | |||||
| CVE-2014-10389 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | |||||
| CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | |||||
| CVE-2014-10384 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. | |||||
| CVE-2014-10383 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. | |||||
| CVE-2014-10379 | 1 Duplicate Post Project | 1 Duplicate Post | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The duplicate-post plugin before 2.6 for WordPress has SQL injection. | |||||
| CVE-2014-10376 | 1 Themeist | 1 I Recommend This | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. | |||||