CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3962 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||
| CVE-2014-3961 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter i… | |||
| CVE-2014-3935 | high | — | 8.5 | 12y ago | SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | |||
| CVE-2014-3934 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | |||
| CVE-2014-3871 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via t… | |||
| CVE-2014-3789 | high | — | 8.5 | 12y ago | GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-3749 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp. | |||
| CVE-2014-3757 | high | — | 8.5 | 12y ago | SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the so… | |||
| CVE-2014-2934 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||
| CVE-2014-2913 | high | — | 8.5 | 12y ago | Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to… | |||
| CVE-2014-3139 | high | — | 8.5 | 12y ago | recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. | |||
| CVE-2014-0114 | high | — | 8.5 | 12y ago | Arbitrary code execution in Apache Commons BeanUtils | |||
| CVE-2014-0113 | high | — | 8.5 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-0112 | high | — | 8.5 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-2846 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute a… | |||
| CVE-2014-1762 | high | — | 8.5 | 12y ago | Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via … | |||
| CVE-2014-1216 | high | — | 8.5 | 12y ago | Improper Neutralization of Special Elements used in a Command in FitNesse Wiki | |||
| CVE-2014-2921 | high | — | 8.5 | 12y ago | Pimcore Vulnerable to PHP Object Injection Attacks | |||
| CVE-2014-0763 | high | — | 8.5 | 12y ago | An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to… | |||
| CVE-2014-2847 | high | — | 8.5 | 12y ago | SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | |||
| CVE-2014-2540 | high | — | 8.5 | 12y ago | SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_direc… | |||
| CVE-2014-1691 | high | — | 8.5 | 12y ago | The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted se… | |||
| CVE-2014-0050 | high | — | 8.5 | 12y ago | Commons FileUpload Denial of service vulnerability | |||
| CVE-2014-1945 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | |||
| CVE-2014-2211 | high | — | 8.5 | 12y ago | SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | |||
| CVE-2014-2013 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the Context… | |||
| CVE-2014-1912 | high | — | 8.5 | 12y ago | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code … | |||
| CVE-2014-1854 | high | — | 8.5 | 12y ago | SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitr… | |||
| CVE-2014-1597 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the de… | |||
| CVE-2014-1903 | high | — | 8.5 | 13y ago | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the A… | |||
| CVE-2014-1204 | high | — | 8.5 | 13y ago | SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be… | |||
| CVE-2014-0750 | high | — | 8.5 | 13y ago | Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLI… | |||
| CVE-2014-1636 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin… | |||
| CVE-2014-1619 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agen… | |||
| CVE-2014-1618 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter … | |||
| CVE-2014-1206 | high | — | 8.5 | 13y ago | SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base… | |||
| CVE-2014-0224 | high | 7.4 | 8.4 | 12y ago | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z… | |||
| CVE-2014-9619 | high | 7.2 | 8.2 | 9y ago | Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with a… | |||
| CVE-2014-7872 | high | — | 8.2 | 11y ago | Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server. | |||
| CVE-2014-7822 | high | — | 8.2 | 11y ago | The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a den… | |||
| CVE-2014-9643 | high | — | 8.2 | 12y ago | K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via … | |||
| CVE-2014-9642 | high | — | 8.2 | 12y ago | bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain priv… | |||
| CVE-2014-9641 | high | — | 8.2 | 12y ago | The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privile… | |||
| CVE-2014-9632 | high | — | 8.2 | 12y ago | The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations… | |||
| CVE-2014-0998 | high | — | 8.2 | 12y ago | Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges … | |||
| CVE-2014-9226 | high | — | 8.2 | 12y ago | The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass i… | |||
| CVE-2014-8904 | high | — | 8.2 | 12y ago | lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||
| CVE-2014-4322 | high | — | 8.2 | 12y ago | drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain… | |||
| CVE-2014-7286 | high | — | 8.2 | 12y ago | Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-7208 | high | — | 8.2 | 12y ago | GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | |||
| CVE-2014-9141 | high | — | 8.2 | 12y ago | The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | |||
| CVE-2014-9113 | high | — | 8.2 | 12y ago | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktop… | |||
| CVE-2014-5284 | high | — | 8.2 | 12y ago | host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root… | |||
| CVE-2014-8359 | high | — | 8.2 | 12y ago | Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.d… | |||
| CVE-2014-4076 | high | — | 8.2 | 12y ago | Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." | |||
| CVE-2014-5507 | high | — | 8.2 | 12y ago | iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. | |||
| CVE-2014-3631 | high | — | 8.2 | 12y ago | The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to … | |||
| CVE-2014-5453 | high | — | 8.2 | 12y ago | Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privil… | |||
| CVE-2014-4971 | high | — | 8.2 | 12y ago | Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a cra… | |||
| CVE-2014-1767 | high | — | 8.2 | 12y ago | Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win… | |||
| CVE-2014-2533 | high | — | 8.2 | 12y ago | /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. | |||
| CVE-2014-1287 | high | — | 8.2 | 12y ago | USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. | |||
| CVE-2014-2022 | high | — | 8.1 | 12y ago | SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conc… | |||
| CVE-2014-5074 | high | — | 8.1 | 12y ago | Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. | |||
| CVE-2014-3085 | high | — | 8.1 | 12y ago | systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the l… | |||
| CVE-2014-2928 | high | — | 8.1 | 12y ago | The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1,… | |||
| CVE-2014-2996 | high | — | 8.1 | 12y ago | XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_co… | |||
| CVE-2014-3222 | high | 7.0 | 8.0 | 9y ago | In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key… | |||
| CVE-2014-2347 | high | — | 8.0 | 12y ago | Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | |||
| CVE-2014-3434 | medium | — | 7.9 | 12y ago | Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbit… | |||
| CVE-2014-4943 | medium | — | 7.9 | 12y ago | The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. | |||
| CVE-2014-4699 | medium | — | 7.9 | 12y ago | The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows … | |||
| CVE-2014-3977 | medium | — | 7.9 | 12y ago | libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix… | |||
| CVE-2014-2851 | medium | — | 7.9 | 12y ago | Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gai… | |||
| CVE-2014-0983 | medium | — | 7.9 | 12y ago | Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.… | |||
| CVE-2014-0038 | medium | — | 7.9 | 13y ago | The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted tim… | |||
| CVE-2014-9331 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add … | |||
| CVE-2014-8008 | medium | — | 7.8 | 12y ago | Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full p… | |||
| CVE-2014-9598 | medium | — | 7.8 | 12y ago | The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted… | |||
| CVE-2014-9597 | medium | — | 7.8 | 12y ago | The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and applicatio… | |||
| CVE-2014-10019 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of admin… | |||
| CVE-2014-10014 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change … | |||
| CVE-2014-10008 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a craf… | |||
| CVE-2014-10001 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct … | |||
| CVE-2014-2598 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2014-9344 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a sub… | |||
| CVE-2014-9265 | medium | — | 7.8 | 12y ago | Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-8773 | medium | — | 7.8 | 12y ago | MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF toke… | |||
| CVE-2014-8429 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2014-9101 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrator… | |||
| CVE-2014-9099 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspeci… | |||
| CVE-2014-5395 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.0… | |||
| CVE-2014-8953 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin … | |||
| CVE-2014-8948 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2014-8654 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attacke… | |||
| CVE-2014-2987 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 be… | |||
| CVE-2014-7281 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for reque… | |||
| CVE-2014-2559 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2014-6409 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the ful… | |||
| CVE-2014-7190 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the s… |