CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-10013 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch ac… | |||
| CVE-2014-10011 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long st… | |||
| CVE-2014-100003 | high | — | 8.5 | 12y ago | SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_dow… | |||
| CVE-2014-9473 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executabl… | |||
| CVE-2014-9567 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP exte… | |||
| CVE-2014-9528 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to ex… | |||
| CVE-2014-9464 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, rel… | |||
| CVE-2014-9448 | high | — | 8.5 | 12y ago | Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. | |||
| CVE-2014-9445 | high | — | 8.5 | 12y ago | SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this c… | |||
| CVE-2014-9440 | high | — | 8.5 | 12y ago | SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2014-9254 | high | — | 8.5 | 12y ago | bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to… | |||
| CVE-2014-9115 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitr… | |||
| CVE-2014-5208 | high | — | 8.5 | 12y ago | BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authe… | |||
| CVE-2014-9193 | high | — | 8.5 | 12y ago | Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | |||
| CVE-2014-6395 | high | — | 8.5 | 12y ago | Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitra… | |||
| CVE-2014-8507 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow rem… | |||
| CVE-2014-7879 | high | — | 8.5 | 12y ago | HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unsp… | |||
| CVE-2014-7866 | high | — | 8.5 | 12y ago | Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated us… | |||
| CVE-2014-9348 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots… | |||
| CVE-2014-9347 | high | — | 8.5 | 12y ago | SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |||
| CVE-2014-9345 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in… | |||
| CVE-2014-4880 | high | — | 8.5 | 12y ago | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorizat… | |||
| CVE-2014-9304 | high | — | 8.5 | 12y ago | Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers… | |||
| CVE-2014-9215 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email paramet… | |||
| CVE-2014-9144 | high | — | 8.5 | 12y ago | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||
| CVE-2014-3997 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 an… | |||
| CVE-2014-3996 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager… | |||
| CVE-2014-7868 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbit… | |||
| CVE-2014-6035 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) i… | |||
| CVE-2014-9242 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||
| CVE-2014-9240 | high | — | 8.5 | 12y ago | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register act… | |||
| CVE-2014-9237 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | |||
| CVE-2014-9178 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote a… | |||
| CVE-2014-9175 | high | — | 8.5 | 12y ago | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a ge… | |||
| CVE-2014-9173 | high | — | 8.5 | 12y ago | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. | |||
| CVE-2014-8728 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL comman… | |||
| CVE-2014-9097 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to … | |||
| CVE-2014-9096 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. | |||
| CVE-2014-9095 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | |||
| CVE-2014-8682 | high | — | 8.5 | 12y ago | SQL Injection in Gogs in gogs.io/gogs | |||
| CVE-2014-8681 | high | — | 8.5 | 12y ago | SQL Injection in github.com/gogits/gogs | |||
| CVE-2014-9005 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search ac… | |||
| CVE-2014-8997 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an exe… | |||
| CVE-2014-7910 | high | — | 8.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-7146 | high | — | 8.5 | 12y ago | The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is… | |||
| CVE-2014-8596 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/s… | |||
| CVE-2014-8517 | high | — | 8.5 | 12y ago | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary c… | |||
| CVE-2014-3437 | high | — | 8.5 | 12y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing … | |||
| CVE-2014-8586 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||
| CVE-2014-7228 | high | — | 8.5 | 12y ago | Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for … | |||
| CVE-2014-2988 | high | — | 8.5 | 12y ago | EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbit… | |||
| CVE-2014-5520 | high | — | 8.5 | 12y ago | SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly ha… | |||
| CVE-2014-6037 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a … | |||
| CVE-2014-5006 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/… | |||
| CVE-2014-5005 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an L… | |||
| CVE-2014-7140 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote … | |||
| CVE-2014-2081 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbit… | |||
| CVE-2014-8306 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated … | |||
| CVE-2014-3704 | high | — | 8.5 | 12y ago | The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection att… | |||
| CVE-2014-8295 | high | — | 8.5 | 12y ago | SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||
| CVE-2014-7201 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to … | |||
| CVE-2014-4872 | high | — | 8.5 | 12y ago | BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configur… | |||
| CVE-2014-7226 | high | — | 8.5 | 12y ago | The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are in… | |||
| CVE-2014-7981 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6607 | high | — | 8.5 | 12y ago | M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and… | |||
| CVE-2014-6389 | high | — | 8.5 | 12y ago | backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. | |||
| CVE-2014-2044 | high | — | 8.5 | 12y ago | Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbi… | |||
| CVE-2014-6446 | high | — | 8.5 | 12y ago | The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via … | |||
| CVE-2014-4621 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated u… | |||
| CVE-2014-2008 | high | — | 8.5 | 12y ago | SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |||
| CVE-2014-6235 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2014-5519 | high | — | 8.5 | 12y ago | The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of the… | |||
| CVE-2014-2223 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a… | |||
| CVE-2014-3094 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code… | |||
| CVE-2014-5119 | high | — | 8.5 | 12y ago | Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code … | |||
| CVE-2014-5073 | high | — | 8.5 | 12y ago | vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. | |||
| CVE-2014-5097 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to… | |||
| CVE-2014-4618 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. | |||
| CVE-2014-2515 | high | — | 8.5 | 12y ago | EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,… | |||
| CVE-2014-4345 | high | — | 8.5 | 12y ago | Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before … | |||
| CVE-2014-3338 | high | — | 8.5 | 12y ago | The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to … | |||
| CVE-2014-5201 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/a… | |||
| CVE-2014-5200 | high | — | 8.5 | 12y ago | SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-5192 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | |||
| CVE-2014-5189 | high | — | 8.5 | 12y ago | SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-5089 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | |||
| CVE-2014-5082 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (… | |||
| CVE-2014-5112 | high | — | 8.5 | 12y ago | maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | |||
| CVE-2014-5109 | high | — | 8.5 | 12y ago | SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | |||
| CVE-2014-5104 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) a… | |||
| CVE-2014-4725 | high | — | 8.5 | 12y ago | The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-a… | |||
| CVE-2014-2625 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input,… | |||
| CVE-2014-4736 | high | — | 8.5 | 12y ago | SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process. | |||
| CVE-2014-4511 | high | — | 8.5 | 12y ago | Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstra… | |||
| CVE-2014-4960 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbit… | |||
| CVE-2014-2364 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) … | |||
| CVE-2014-2622 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtai… | |||
| CVE-2014-4938 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to w… | |||
| CVE-2014-4852 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-4741 | high | — | 8.5 | 12y ago | SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |