CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2922 | medium | — | 7.4 | 12y ago | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all… | |||
| CVE-2014-1907 | medium | — | 7.4 | 12y ago | Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in… | |||
| CVE-2014-3081 | medium | — | 7.3 | 12y ago | prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. | |||
| CVE-2014-8727 | medium | — | 7.2 | 12y ago | Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (d… | |||
| CVE-2014-5207 | medium | — | 7.2 | 12y ago | fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows … | |||
| CVE-2014-4014 | medium | — | 7.2 | 12y ago | The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions… | |||
| CVE-2014-3146 | medium | 6.1 | 7.1 | 4y ago | Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme t… | |||
| CVE-2014-2045 | medium | 6.1 | 7.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the usernam… | |||
| CVE-2014-3439 | medium | — | 7.1 | 12y ago | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | |||
| CVE-2014-8791 | medium | — | 7.0 | 12y ago | project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code vi… | |||
| CVE-2014-8949 | medium | — | 7.0 | 12y ago | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this c… | |||
| CVE-2014-2227 | medium | — | 7.0 | 12y ago | The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which … | |||
| CVE-2014-1610 | medium | — | 7.0 | 13y ago | MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metac… | |||
| CVE-2014-6041 | medium | — | 6.8 | 12y ago | The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\… | |||
| CVE-2014-0867 | medium | — | 6.8 | 12y ago | rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query s… | |||
| CVE-2014-2880 | medium | — | 6.8 | 12y ago | Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web … | |||
| CVE-2014-0372 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated use… | |||
| CVE-2014-5144 | medium | 5.4 | 6.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown. | |||
| CVE-2014-9610 | medium | 5.3 | 6.3 | 9y ago | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user… | |||
| CVE-2014-8677 | medium | 5.3 | 6.3 | 9y ago | The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create a… | |||
| CVE-2014-8676 | medium | 5.3 | 6.3 | 9y ago | Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL pa… | |||
| CVE-2014-5455 | medium | 5.3 | 6.3 | 12y ago | Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a … | |||
| CVE-2014-1219 | medium | — | 6.1 | 13y ago | CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end o… | |||
| CVE-2014-9734 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a rev… | |||
| CVE-2014-8605 | medium | — | 6.0 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to … | |||
| CVE-2014-8604 | medium | — | 6.0 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive inform… | |||
| CVE-2014-0999 | medium | — | 6.0 | 11y ago | Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Ref… | |||
| CVE-2014-9261 | medium | — | 6.0 | 11y ago | The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path … | |||
| CVE-2014-7883 | medium | — | 6.0 | 12y ago | HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. | |||
| CVE-2014-8826 | medium | — | 6.0 | 12y ago | LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||
| CVE-2014-8802 | medium | — | 6.0 | 12y ago | The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted … | |||
| CVE-2014-100029 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newt… | |||
| CVE-2014-10010 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pj… | |||
| CVE-2014-100002 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to Wor… | |||
| CVE-2014-9581 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue wa… | |||
| CVE-2014-9436 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | |||
| CVE-2014-9119 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-1908 | medium | — | 6.0 | 12y ago | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attac… | |||
| CVE-2014-8272 | medium | — | 6.0 | 12y ago | The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote at… | |||
| CVE-2014-8270 | medium | — | 6.0 | 12y ago | BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. | |||
| CVE-2014-9350 | medium | — | 6.0 | 12y ago | TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" va… | |||
| CVE-2014-9218 | medium | — | 6.0 | 12y ago | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long p… | |||
| CVE-2014-9302 | medium | — | 6.0 | 12y ago | Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attacke… | |||
| CVE-2014-6034 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.… | |||
| CVE-2014-5446 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read a… | |||
| CVE-2014-5445 | medium | — | 6.0 | 12y ago | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via… | |||
| CVE-2014-8775 | medium | — | 6.0 | 12y ago | MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive informat… | |||
| CVE-2014-9181 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote auth… | |||
| CVE-2014-7816 | medium | — | 6.0 | 12y ago | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow | |||
| CVE-2014-8801 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUER… | |||
| CVE-2014-8799 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (do… | |||
| CVE-2014-9034 | medium | — | 6.0 | 12y ago | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long … | |||
| CVE-2014-9016 | medium | — | 6.0 | 12y ago | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m… | |||
| CVE-2014-8768 | medium | — | 6.0 | 12y ago | Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a… | |||
| CVE-2014-8493 | medium | — | 6.0 | 12y ago | ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. | |||
| CVE-2014-8995 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | |||
| CVE-2014-7992 | medium | — | 6.0 | 12y ago | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, a… | |||
| CVE-2014-2268 | medium | — | 6.0 | 12y ago | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the … | |||
| CVE-2014-8555 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | |||
| CVE-2014-8652 | medium | — | 6.0 | 12y ago | Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681. | |||
| CVE-2014-8657 | medium | — | 6.0 | 12y ago | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via … | |||
| CVE-2014-8655 | medium | — | 6.0 | 12y ago | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via a… | |||
| CVE-2014-0995 | medium | — | 6.0 | 12y ago | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the… | |||
| CVE-2014-4311 | medium | — | 6.0 | 12y ago | Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection a… | |||
| CVE-2014-5094 | medium | — | 6.0 | 12y ago | Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. | |||
| CVE-2014-6308 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. | |||
| CVE-2014-5300 | medium | — | 6.0 | 12y ago | Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. | |||
| CVE-2014-2009 | medium | — | 6.0 | 12y ago | The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | |||
| CVE-2014-4863 | medium | — | 6.0 | 12y ago | The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP reque… | |||
| CVE-2014-5377 | medium | — | 6.0 | 12y ago | ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | |||
| CVE-2014-5465 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file… | |||
| CVE-2014-5337 | medium | — | 6.0 | 12y ago | The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exporta… | |||
| CVE-2014-5368 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows re… | |||
| CVE-2014-5350 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/… | |||
| CVE-2014-5349 | medium | — | 6.0 | 12y ago | Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. | |||
| CVE-2014-5266 | medium | — | 6.0 | 12y ago | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote atta… | |||
| CVE-2014-5116 | medium | — | 6.0 | 12y ago | The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. | |||
| CVE-2014-5115 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. | |||
| CVE-2014-5111 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/aster… | |||
| CVE-2014-4154 | medium | — | 6.0 | 12y ago | ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA passwo… | |||
| CVE-2014-3427 | medium | — | 6.0 | 12y ago | CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model paramete… | |||
| CVE-2014-4940 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/… | |||
| CVE-2014-4937 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-4643 | medium | — | 6.0 | 12y ago | Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a lo… | |||
| CVE-2014-4306 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. | |||
| CVE-2014-3976 | medium | — | 6.0 | 12y ago | Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute ar… | |||
| CVE-2014-3975 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. | |||
| CVE-2014-3848 | medium | — | 6.0 | 12y ago | The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. | |||
| CVE-2014-3806 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. | |||
| CVE-2014-1843 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Propert… | |||
| CVE-2014-1842 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar … | |||
| CVE-2014-1841 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot… | |||
| CVE-2014-2976 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081. | |||
| CVE-2014-2668 | medium | — | 6.0 | 12y ago | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | |||
| CVE-2014-0094 | medium | — | 6.0 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-1664 | medium | — | 6.0 | 13y ago | The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens … | |||
| CVE-2014-1637 | medium | — | 6.0 | 13y ago | Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request. | |||
| CVE-2014-0868 | medium | — | 5.9 | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… | |||
| CVE-2014-0865 | medium | — | 5.9 | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… | |||
| CVE-2014-1322 | medium | — | 5.9 | 12y ago | The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mecha… |