CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4865 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-5335 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify con… | |||
| CVE-2014-5347 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requ… | |||
| CVE-2014-5346 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests th… | |||
| CVE-2014-3854 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scrip… | |||
| CVE-2014-5100 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user accou… | |||
| CVE-2014-5023 | medium | — | 7.8 | 12y ago | Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkou… | |||
| CVE-2014-0226 | medium | — | 7.8 | 12y ago | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent… | |||
| CVE-2014-4964 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or… | |||
| CVE-2014-4963 | medium | — | 7.8 | 12y ago | Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action. | |||
| CVE-2014-4663 | medium | — | 7.8 | 12y ago | TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. | |||
| CVE-2014-0864 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers… | |||
| CVE-2014-4718 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a … | |||
| CVE-2014-4717 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for … | |||
| CVE-2014-4716 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password an… | |||
| CVE-2014-4030 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove play… | |||
| CVE-2014-4155 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that … | |||
| CVE-2014-3778 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of a… | |||
| CVE-2014-4163 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that … | |||
| CVE-2014-4162 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change … | |||
| CVE-2014-1778 | medium | — | 7.8 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulne… | |||
| CVE-2014-1771 | medium | — | 7.8 | 12y ago | SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle … | |||
| CVE-2014-0195 | medium | — | 7.8 | 12y ago | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, w… | |||
| CVE-2014-2946 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentic… | |||
| CVE-2014-3414 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a u… | |||
| CVE-2014-3866 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that c… | |||
| CVE-2014-3792 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change… | |||
| CVE-2014-2989 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrativ… | |||
| CVE-2014-2383 | medium | — | 7.8 | 12y ago | DOMPDF Arbitrary File Read | |||
| CVE-2014-2341 | medium | — | 7.8 | 12y ago | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||
| CVE-2014-1990 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen… | |||
| CVE-2014-2340 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create websit… | |||
| CVE-2014-2671 | medium | — | 7.8 | 12y ago | Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. | |||
| CVE-2014-2317 | medium | — | 7.8 | 12y ago | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained f… | |||
| CVE-2014-2089 | medium | — | 7.8 | 12y ago | ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | |||
| CVE-2014-1915 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests t… | |||
| CVE-2014-1683 | medium | — | 7.8 | 13y ago | The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary … | |||
| CVE-2014-0621 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that … | |||
| CVE-2014-8603 | medium | — | 7.5 | 11y ago | cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating… | |||
| CVE-2014-7289 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 a… | |||
| CVE-2014-9308 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to … | |||
| CVE-2014-10034 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parame… | |||
| CVE-2014-10033 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands… | |||
| CVE-2014-10032 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-9457 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. | |||
| CVE-2014-9435 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userI… | |||
| CVE-2014-8810 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter… | |||
| CVE-2014-9258 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | |||
| CVE-2014-7285 | medium | — | 7.5 | 12y ago | The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP sc… | |||
| CVE-2014-9305 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary… | |||
| CVE-2014-5462 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edi… | |||
| CVE-2014-9235 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.… | |||
| CVE-2014-9001 | medium | — | 7.5 | 12y ago | reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5)… | |||
| CVE-2014-9000 | medium | — | 7.5 | 12y ago | Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitra… | |||
| CVE-2014-8998 | medium | — | 7.5 | 12y ago | lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace functio… | |||
| CVE-2014-8499 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated use… | |||
| CVE-2014-8498 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote … | |||
| CVE-2014-6030 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlyS… | |||
| CVE-2014-7176 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. | |||
| CVE-2014-2531 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbit… | |||
| CVE-2014-8375 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a … | |||
| CVE-2014-5275 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) e… | |||
| CVE-2014-3978 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. | |||
| CVE-2014-4873 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. | |||
| CVE-2014-6242 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderb… | |||
| CVE-2014-7153 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL co… | |||
| CVE-2014-6043 | medium | — | 7.5 | 12y ago | ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the databa… | |||
| CVE-2014-5460 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then a… | |||
| CVE-2014-5521 | medium | — | 7.5 | 12y ago | plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. | |||
| CVE-2014-5383 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5194 | medium | — | 7.5 | 12y ago | Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | |||
| CVE-2014-5180 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL… | |||
| CVE-2014-5090 | medium | — | 7.5 | 12y ago | admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. | |||
| CVE-2014-4977 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new … | |||
| CVE-2014-4944 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) ca… | |||
| CVE-2014-4939 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the … | |||
| CVE-2014-3992 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php … | |||
| CVE-2014-3857 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via th… | |||
| CVE-2014-4688 | medium | — | 7.5 | 12y ago | pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php… | |||
| CVE-2014-2575 | medium | — | 7.5 | 12y ago | Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated … | |||
| CVE-2014-3415 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. | |||
| CVE-2014-3210 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via… | |||
| CVE-2014-3246 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. | |||
| CVE-2014-3138 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary… | |||
| CVE-2014-2587 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka us… | |||
| CVE-2014-2339 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) cont… | |||
| CVE-2014-2043 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parame… | |||
| CVE-2014-2238 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via… | |||
| CVE-2014-2088 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFile… | |||
| CVE-2014-1459 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NO… | |||
| CVE-2014-1401 | medium | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLI… | |||
| CVE-2014-1671 | medium | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress elem… | |||
| CVE-2014-1836 | medium | — | 7.4 | 11y ago | ImpressCMS Path Traversal to Arbitrary File Delete | |||
| CVE-2014-100015 | medium | — | 7.4 | 12y ago | Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | |||
| CVE-2014-9301 | medium | — | 7.4 | 12y ago | Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port… | |||
| CVE-2014-6036 | medium | — | 7.4 | 12y ago | Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or re… | |||
| CVE-2014-8598 | medium | — | 7.4 | 12y ago | The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via th… | |||
| CVE-2014-8305 | medium | — | 7.4 | 12y ago | Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |||
| CVE-2014-4962 | medium | — | 7.4 | 12y ago | Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be sub… | |||
| CVE-2014-3865 | medium | — | 7.4 | 12y ago | Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pse… |