CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9118 | high | 8.8 | 9.8 | 9y ago | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |||
| CVE-2014-8357 | high | 8.8 | 9.8 | 9y ago | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s… | |||
| CVE-2014-9463 | high | 8.8 | 9.8 | 9y ago | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |||
| CVE-2014-9312 | high | 8.8 | 9.8 | 9y ago | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |||
| CVE-2014-5301 | high | 8.8 | 9.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |||
| CVE-2014-9260 | high | 8.8 | 9.8 | 9y ago | The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |||
| CVE-2014-2084 | high | — | 9.5 | 12y ago | Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain s… | |||
| CVE-2014-2850 | high | — | 9.5 | 12y ago | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address paramet… | |||
| CVE-2014-2849 | high | — | 9.5 | 12y ago | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |||
| CVE-2014-2127 | high | — | 9.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly … | |||
| CVE-2014-3888 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and ear… | |||
| CVE-2014-0782 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM… | |||
| CVE-2014-0784 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. | |||
| CVE-2014-9262 | high | 8.2 | 9.2 | 9y ago | The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | |||
| CVE-2014-1649 | high | — | 8.9 | 12y ago | The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |||
| CVE-2014-8358 | high | 7.8 | 8.8 | 9y ago | Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the… | |||
| CVE-2014-8393 | high | 7.8 | 8.8 | 9y ago | DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | |||
| CVE-2014-9322 | high | 7.8 | 8.8 | 12y ago | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by tr… | |||
| CVE-2014-9303 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or… | |||
| CVE-2014-8868 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive informati… | |||
| CVE-2014-8425 | high | — | 8.8 | 12y ago | The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | |||
| CVE-2014-8424 | high | — | 8.8 | 12y ago | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | |||
| CVE-2014-4927 | high | — | 8.8 | 12y ago | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long strin… | |||
| CVE-2014-4018 | high | — | 8.8 | 12y ago | The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2014-2962 | high | — | 8.8 | 12y ago | Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname i… | |||
| CVE-2014-4153 | high | — | 8.8 | 12y ago | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||
| CVE-2014-0644 | high | — | 8.8 | 12y ago | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity r… | |||
| CVE-2014-0358 | high | — | 8.8 | 12y ago | Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatu… | |||
| CVE-2014-2579 | high | — | 8.6 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the… | |||
| CVE-2014-9147 | high | 7.5 | 8.5 | 9y ago | Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | |||
| CVE-2014-0997 | high | 7.5 | 8.5 | 9y ago | WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten… | |||
| CVE-2014-8675 | high | 7.5 | 8.5 | 9y ago | Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force at… | |||
| CVE-2014-1677 | high | 7.5 | 8.5 | 9y ago | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |||
| CVE-2014-8722 | high | 7.5 | 8.5 | 9y ago | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.x… | |||
| CVE-2014-9735 | high | — | 8.5 | 11y ago | The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX function… | |||
| CVE-2014-8147 | high | — | 8.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type… | |||
| CVE-2014-8146 | high | — | 8.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track d… | |||
| CVE-2014-5370 | high | — | 8.5 | 11y ago | Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbit… | |||
| CVE-2014-9145 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, o… | |||
| CVE-2014-9707 | high | — | 8.5 | 11y ago | EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (… | |||
| CVE-2014-9566 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 1… | |||
| CVE-2014-7864 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attacke… | |||
| CVE-2014-9633 | high | — | 8.5 | 12y ago | The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |||
| CVE-2014-4492 | high | — | 8.5 | 12y ago | libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary… | |||
| CVE-2014-8386 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter i… | |||
| CVE-2014-8636 | high | — | 8.5 | 12y ago | The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to exe… | |||
| CVE-2014-10038 | high | — | 8.5 | 12y ago | SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | |||
| CVE-2014-10037 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. | |||
| CVE-2014-10031 | high | — | 8.5 | 12y ago | Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. | |||
| CVE-2014-100031 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | |||
| CVE-2014-100020 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is alrea… | |||
| CVE-2014-100014 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 o… | |||
| CVE-2014-100012 | high | — | 8.5 | 12y ago | SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||
| CVE-2014-100011 | high | — | 8.5 | 12y ago | SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||
| CVE-2014-10029 | high | — | 8.5 | 12y ago | SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. | |||
| CVE-2014-10023 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.… | |||
| CVE-2014-10021 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable ext… | |||
| CVE-2014-10020 | high | — | 8.5 | 12y ago | SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2014-10015 | high | — | 8.5 | 12y ago | SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2014-10013 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch ac… | |||
| CVE-2014-10011 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long st… | |||
| CVE-2014-100003 | high | — | 8.5 | 12y ago | SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_dow… | |||
| CVE-2014-9473 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executabl… | |||
| CVE-2014-9567 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP exte… | |||
| CVE-2014-9528 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to ex… | |||
| CVE-2014-9464 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, rel… | |||
| CVE-2014-9448 | high | — | 8.5 | 12y ago | Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. | |||
| CVE-2014-9445 | high | — | 8.5 | 12y ago | SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this c… | |||
| CVE-2014-9440 | high | — | 8.5 | 12y ago | SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2014-9254 | high | — | 8.5 | 12y ago | bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to… | |||
| CVE-2014-9115 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitr… | |||
| CVE-2014-5208 | high | — | 8.5 | 12y ago | BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authe… | |||
| CVE-2014-6395 | high | — | 8.5 | 12y ago | Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitra… | |||
| CVE-2014-8507 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow rem… | |||
| CVE-2014-7866 | high | — | 8.5 | 12y ago | Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated us… | |||
| CVE-2014-9348 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots… | |||
| CVE-2014-9347 | high | — | 8.5 | 12y ago | SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |||
| CVE-2014-9345 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in… | |||
| CVE-2014-4880 | high | — | 8.5 | 12y ago | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorizat… | |||
| CVE-2014-9304 | high | — | 8.5 | 12y ago | Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers… | |||
| CVE-2014-9215 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email paramet… | |||
| CVE-2014-9144 | high | — | 8.5 | 12y ago | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||
| CVE-2014-3997 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 an… | |||
| CVE-2014-3996 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager… | |||
| CVE-2014-7868 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbit… | |||
| CVE-2014-6035 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) i… | |||
| CVE-2014-9242 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||
| CVE-2014-9240 | high | — | 8.5 | 12y ago | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register act… | |||
| CVE-2014-9237 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | |||
| CVE-2014-9178 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote a… | |||
| CVE-2014-9175 | high | — | 8.5 | 12y ago | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a ge… | |||
| CVE-2014-9173 | high | — | 8.5 | 12y ago | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. | |||
| CVE-2014-8728 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL comman… | |||
| CVE-2014-9097 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to … | |||
| CVE-2014-9096 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. | |||
| CVE-2014-9095 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | |||
| CVE-2014-8682 | high | — | 8.5 | 12y ago | SQL Injection in Gogs in gogs.io/gogs | |||
| CVE-2014-8681 | high | — | 8.5 | 12y ago | SQL Injection in github.com/gogits/gogs | |||
| CVE-2014-9005 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search ac… | |||
| CVE-2014-8997 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an exe… |