ReportizFlow
Filtered by vendor
Subscriptions
Total
323547 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6059 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 7.2 High |
| WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability | ||||
| CVE-2014-6050 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | ||||
| CVE-2014-6049 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | ||||
| CVE-2014-6048 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. | ||||
| CVE-2014-6047 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | ||||
| CVE-2014-6046 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. | ||||
| CVE-2014-6045 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
| SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. | ||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. | ||||
| CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | ||||
| CVE-2014-5516 | 1 Konakart | 1 Konakart | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request. | ||||
| CVE-2014-5509 | 1 Clipboard Project | 1 Clipboard | 2024-11-21 | N/A |
| clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. | ||||
| CVE-2014-5500 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 6.1 Medium |
| Synacor Zimbra Collaboration before 8.0.8 has XSS. | ||||
| CVE-2014-5470 | 2024-11-21 | 9.8 Critical | ||
| Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. | ||||
| CVE-2014-5468 | 1 Getrailo | 1 Railo | 2024-11-21 | 8.8 High |
| A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. | ||||
| CVE-2014-5450 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2024-11-21 | N/A |
| Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. | ||||
| CVE-2014-5443 | 1 Seafile | 1 Seafile Server | 2024-11-21 | N/A |
| Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts. | ||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2024-11-21 | 7.8 High |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | ||||
| CVE-2014-5436 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | N/A |
| A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | ||||
| CVE-2014-5435 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | N/A |
| An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | ||||