Total: 323514 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2875 | 1 Keplerproject | 1 Cgilua | 2024-11-21 | 6.1 Medium |
| The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID. | ||||
| CVE-2014-2843 | 1 Infoware | 1 Mapsuite | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-2727 | 1 Trustwave | 1 Mailmarshal | 2024-11-21 | 9.8 Critical |
| The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | ||||
| CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 8.8 High |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
| CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 8.8 High |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
| CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 8.8 High |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
| CVE-2014-2686 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 High |
| Ansible prior to 1.5.4 mishandles the evaluation of some strings. | ||||
| CVE-2014-2680 | 1 Xmind | 1 Xmind | 2024-11-21 | 8.1 High |
| The update process in Xmind 3.4.1 and earlier allows remote attackers to execute arbitrary code via a man-in-the-middle attack. | ||||
| CVE-2014-2675 | 1 Wp-html-sitemap Project | 1 Wp-html-sitemap | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php. | ||||
| CVE-2014-2674 | 1 Ajax-pagination Project | 1 Ajax-pagination | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-2652 | 1 Unify | 1 Openscape Deployment Service | 2024-11-21 | N/A |
| SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-2651 | 1 Atos | 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more | 2024-11-21 | 9.8 Critical |
| Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface. | ||||
| CVE-2014-2650 | 1 Atos | 30 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 27 more | 2024-11-21 | 9.8 Critical |
| Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web-based management interface. | ||||
| CVE-2014-2595 | 1 Barracuda | 1 Web Application Firewall | 2024-11-21 | 9.8 Critical |
| Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | ||||
| CVE-2014-2592 | 1 Arubanetworks | 1 Web Management Portal | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | ||||
| CVE-2014-2581 | 2 Fedoraproject, Smb4k Project | 2 Fedora, Smb4k | 2024-11-21 | 7.5 High |
| Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | ||||
| CVE-2014-2560 | 1 Phoner | 1 Phonerlite | 2024-11-21 | 7.5 High |
| The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. | ||||
| CVE-2014-2552 | 1 Brookinsconsulting | 1 Collected Information Export | 2024-11-21 | N/A |
| Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | ||||
| CVE-2014-2550 | 1 Disable Comments | 1 Disable Comments Project | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php. | ||||
| CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2024-11-21 | 4.4 Medium |
| Pen 0.18.0 has insecure temporary file creation vulnerabilities. | ||||