Total
82348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5085 | 1 Sphider-plus | 1 Sphider-plus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | |||||
| CVE-2014-5084 | 1 Sphiderpro | 1 Sphider Pro | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus. | |||||
| CVE-2014-5083 | 1 Sphider | 1 Sphider | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | |||||
| CVE-2014-5072 | 1 Wpsecurityauditlog | 1 Wp Security Audit Log | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2014-5070 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | |||||
| CVE-2014-5068 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. | |||||
| CVE-2014-5034 | 1 Fresh-media | 1 Brute Force Login Protection | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. | |||||
| CVE-2014-5013 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | |||||
| CVE-2014-5004 | 1 Brbackup Project | 1 Brbackup | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-5002 | 1 Lynx Project | 1 Lynx | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. | |||||
| CVE-2014-5001 | 1 Kcapifony Project | 1 Kcapifony | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. | |||||
| CVE-2014-5000 | 1 Lawn-login Project | 1 Lawn-login | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4999 | 1 Kajam Project | 1 Kajam | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4998 | 1 Lean-ruport Project | 1 Lean-ruport | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4997 | 1 Point-cli Project | 1 Point-cli | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4995 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | 1.9 LOW | 7.0 HIGH |
| Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. | |||||
| CVE-2014-4993 | 2 Backup-agoddard Project, Backup Checksum Project | 2 Backup-agoddard, Backup Checksum | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4992 | 1 Cap-strap Project | 1 Cap-strap | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4991 | 1 Codders-dataset Project | 1 Codders-dataset | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2014-4968 | 1 Boatmob | 1 Boat Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. | |||||