ReportizFlow
Filtered by vendor
Subscriptions
Total
323562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8941 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 9.8 Critical |
| Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI. | ||||
| CVE-2014-8940 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 5.3 Medium |
| Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI. | ||||
| CVE-2014-8939 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 5.3 Medium |
| Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. | ||||
| CVE-2014-8938 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.8 High |
| Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | ||||
| CVE-2014-8937 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.5 High |
| Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. | ||||
| CVE-2014-8888 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | N/A |
| The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | ||||
| CVE-2014-8780 | 1 Jease | 1 Jease | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. | ||||
| CVE-2014-8742 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-8741 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 9.8 Critical |
| Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2014-8739 | 2 Creative-solutions, Jquery File Upload Project | 2 Creative Contact Form, Jquery File Upload | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. | ||||
| CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 5.4 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | ||||
| CVE-2014-8673 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.8 Critical |
| Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33. | ||||
| CVE-2014-8650 | 2 Debian, Requests-kerberos Project | 2 Debian Linux, Requests-kerberos | 2024-11-21 | 9.8 Critical |
| python-requests-Kerberos through 0.5 does not handle mutual authentication | ||||
| CVE-2014-8597 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel. | ||||
| CVE-2014-8579 | 1 Trendnet | 2 Tew-823dru, Tew-823dru Firmware | 2024-11-21 | N/A |
| TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | ||||
| CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 9.8 Critical |
| Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | ||||
| CVE-2014-8561 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 6.5 Medium |
| imagemagick 6.8.9.6 has remote DOS via infinite loop | ||||
| CVE-2014-8540 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | ||||
| CVE-2014-8516 | 1 Cloudfastpath | 1 Netcharts Server | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2014-8490 | 1 Tennisconnect | 1 Components | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm. | ||||