CVEs from 2014
- Total: 7,865
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1779 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2014-1775 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2014-1774 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2014-1773 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2014-1772 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2014-1769 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2014-0282 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2014-3913 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file. | |||
| CVE-2014-3936 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware … | |||
| CVE-2014-1770 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage … | |||
| CVE-2014-3791 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp. | |||
| CVE-2014-3444 | critical | — | 10.0 | 12y ago | The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and app… | |||
| CVE-2014-0749 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary… | |||
| CVE-2014-1815 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 201… | |||
| CVE-2014-1806 | critical | — | 10.0 | 12y ago | The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitra… | |||
| CVE-2014-2046 | critical | — | 10.0 | 12y ago | cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information vi… | |||
| CVE-2014-1849 | critical | — | 10.0 | 12y ago | Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijac… | |||
| CVE-2014-3220 | critical | — | 10.0 | 12y ago | F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/auth… | |||
| CVE-2014-0515 | critical | — | 10.0 | 12y ago | Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitra… | |||
| CVE-2014-3008 | critical | — | 10.0 | 12y ago | Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. | |||
| CVE-2014-1766 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt … | |||
| CVE-2014-1764 | critical | — | 10.0 | 12y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstra… | |||
| CVE-2014-2994 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (… | |||
| CVE-2014-0514 | critical | — | 10.0 | 12y ago | The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related… | |||
| CVE-2014-0787 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet. | |||
| CVE-2014-1982 | critical | — | 10.0 | 12y ago | The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges … | |||
| CVE-2014-1303 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen dur… | |||
| CVE-2014-1511 | critical | 9.8 | 10.0 | 12y ago | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. | |||
| CVE-2014-1510 | critical | 9.8 | 10.0 | 12y ago | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript cod… | |||
| CVE-2014-2087 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows us… | |||
| CVE-2014-0783 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. | |||
| CVE-2014-0781 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets. | |||
| CVE-2014-0307 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulation… | |||
| CVE-2014-2299 | critical | — | 10.0 | 12y ago | Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a d… | |||
| CVE-2014-0683 | critical | — | 10.0 | 12y ago | The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier doe… | |||
| CVE-2014-2206 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long… | |||
| CVE-2014-0257 | critical | — | 10.0 | 13y ago | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrar… | |||
| CVE-2014-0980 | critical | — | 10.0 | 13y ago | Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file. | |||
| CVE-2014-0329 | critical | — | 10.0 | 13y ago | The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging k… | |||
| CVE-2014-1202 | critical | — | 10.0 | 13y ago | Code injection via property expansion in SoapUI | |||
| CVE-2014-1201 | critical | — | 10.0 | 13y ago | Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series… | |||
| CVE-2014-0659 | critical | — | 10.0 | 13y ago | The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote… | |||
| CVE-2014-9118 | high | 8.8 | 9.8 | 9y ago | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |||
| CVE-2014-8357 | high | 8.8 | 9.8 | 9y ago | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s… | |||
| CVE-2014-9463 | high | 8.8 | 9.8 | 9y ago | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |||
| CVE-2014-9312 | high | 8.8 | 9.8 | 9y ago | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |||
| CVE-2014-5301 | high | 8.8 | 9.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |||
| CVE-2014-9260 | high | 8.8 | 9.8 | 9y ago | The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |||
| CVE-2014-2084 | high | — | 9.5 | 12y ago | Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain s… | |||
| CVE-2014-2850 | high | — | 9.5 | 12y ago | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address paramet… | |||
| CVE-2014-2849 | high | — | 9.5 | 12y ago | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |||
| CVE-2014-2127 | high | — | 9.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly … | |||
| CVE-2014-3888 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and ear… | |||
| CVE-2014-0782 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM… | |||
| CVE-2014-0784 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. | |||
| CVE-2014-9262 | high | 8.2 | 9.2 | 9y ago | The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files. | |||
| CVE-2014-1649 | high | — | 8.9 | 12y ago | The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |||
| CVE-2014-8358 | high | 7.8 | 8.8 | 9y ago | Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the… | |||
| CVE-2014-8393 | high | 7.8 | 8.8 | 9y ago | DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | |||
| CVE-2014-9322 | high | 7.8 | 8.8 | 12y ago | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by tr… | |||
| CVE-2014-9303 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or… | |||
| CVE-2014-8868 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive informati… | |||
| CVE-2014-8425 | high | — | 8.8 | 12y ago | The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | |||
| CVE-2014-8424 | high | — | 8.8 | 12y ago | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | |||
| CVE-2014-4927 | high | — | 8.8 | 12y ago | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long strin… | |||
| CVE-2014-4018 | high | — | 8.8 | 12y ago | The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2014-2962 | high | — | 8.8 | 12y ago | Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname i… | |||
| CVE-2014-4153 | high | — | 8.8 | 12y ago | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||
| CVE-2014-0644 | high | — | 8.8 | 12y ago | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity r… | |||
| CVE-2014-0358 | high | — | 8.8 | 12y ago | Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatu… | |||
| CVE-2014-2579 | high | — | 8.6 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the… | |||
| CVE-2014-9147 | high | 7.5 | 8.5 | 9y ago | Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | |||
| CVE-2014-0997 | high | 7.5 | 8.5 | 9y ago | WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten… | |||
| CVE-2014-8675 | high | 7.5 | 8.5 | 9y ago | Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force at… | |||
| CVE-2014-1677 | high | 7.5 | 8.5 | 9y ago | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |||
| CVE-2014-8722 | high | 7.5 | 8.5 | 9y ago | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.x… | |||
| CVE-2014-9735 | high | — | 8.5 | 11y ago | The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX function… | |||
| CVE-2014-8147 | high | — | 8.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type… | |||
| CVE-2014-8146 | high | — | 8.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track d… | |||
| CVE-2014-5370 | high | — | 8.5 | 11y ago | Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbit… | |||
| CVE-2014-9145 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, o… | |||
| CVE-2014-9707 | high | — | 8.5 | 11y ago | EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (… | |||
| CVE-2014-9566 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 1… | |||
| CVE-2014-7864 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attacke… | |||
| CVE-2014-9633 | high | — | 8.5 | 12y ago | The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |||
| CVE-2014-4492 | high | — | 8.5 | 12y ago | libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary… | |||
| CVE-2014-8386 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter i… | |||
| CVE-2014-8636 | high | — | 8.5 | 12y ago | The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to exe… | |||
| CVE-2014-10038 | high | — | 8.5 | 12y ago | SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | |||
| CVE-2014-10037 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. | |||
| CVE-2014-10031 | high | — | 8.5 | 12y ago | Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. | |||
| CVE-2014-100031 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | |||
| CVE-2014-100020 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is alrea… | |||
| CVE-2014-100014 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 o… | |||
| CVE-2014-100012 | high | — | 8.5 | 12y ago | SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||
| CVE-2014-100011 | high | — | 8.5 | 12y ago | SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||
| CVE-2014-10029 | high | — | 8.5 | 12y ago | SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. | |||
| CVE-2014-10023 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.… | |||
| CVE-2014-10021 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable ext… | |||
| CVE-2014-10020 | high | — | 8.5 | 12y ago | SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. |