CVEs from 2014
Total
7,862
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-5260 | medium | — | 6.3 | 12y ago | The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. | |||
| CVE-2014-3064 | medium | — | 6.3 | 12y ago | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 an… | |||
| CVE-2014-3264 | medium | — | 6.3 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug … | |||
| CVE-2014-2183 | medium | — | 6.3 | 12y ago | The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCu… | |||
| CVE-2014-2719 | medium | — | 6.3 | 12y ago | Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator… | |||
| CVE-2014-1272 | medium | — | 6.3 | 12y ago | CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. | |||
| CVE-2014-2205 | medium | — | 6.3 | 12y ago | The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importi… | |||
| CVE-2014-0755 | medium | — | 6.3 | 13y ago | Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive informatio… | |||
| CVE-2014-0667 | medium | — | 6.3 | 13y ago | The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to th… | |||
| CVE-2014-0400 | medium | — | 6.3 | 13y ago | Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related … | |||
| CVE-2014-3248 | medium | — | 6.2 | 9y ago | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5… | |||
| CVE-2014-8716 | medium | 6.2 | 6.2 | 9y ago | The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). | |||
| CVE-2014-5045 | medium | — | 6.2 | 12y ago | The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a s… | |||
| CVE-2014-0240 | medium | — | 6.2 | 12y ago | The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain pri… | |||
| CVE-2014-2349 | medium | — | 6.2 | 12y ago | Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrat… | |||
| CVE-2014-3125 | medium | — | 6.2 | 12y ago | Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash)… | |||
| CVE-2014-0742 | medium | — | 6.2 | 12y ago | The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or… | |||
| CVE-2014-0741 | medium | — | 6.2 | 12y ago | The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to rea… | |||
| CVE-2014-9678 | medium | 6.1 | 6.1 | 9y ago | FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter. | |||
| CVE-2014-9677 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. | |||
| CVE-2014-8087 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline ac… | |||
| CVE-2014-0029 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2014-8758 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gall… | |||
| CVE-2014-8492 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or … | |||
| CVE-2014-7240 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a … | |||
| CVE-2014-9758 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | |||
| CVE-2014-9557 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. | |||
| CVE-2014-9514 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | |||
| CVE-2014-9469 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. | |||
| CVE-2014-8753 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. | |||
| CVE-2014-8168 | medium | 6.1 | 6.1 | 9y ago | Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | |||
| CVE-2014-4925 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. | |||
| CVE-2014-0141 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | |||
| CVE-2014-9564 | medium | 6.1 | 6.1 | 9y ago | CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HT… | |||
| CVE-2014-6189 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5… | |||
| CVE-2014-6393 | medium | 6.1 | 6.1 | 9y ago | The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduc… | |||
| CVE-2014-9310 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. | |||
| CVE-2014-2710 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login pa… | |||
| CVE-2014-8703 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2014-3926 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. | |||
| CVE-2014-9916 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page requ… | |||
| CVE-2014-9905 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) c… | |||
| CVE-2014-9760 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. | |||
| CVE-2014-9772 | medium | 6.1 | 6.1 | 10y ago | XSS Filter Bypass via Encoded URL in validator | |||
| CVE-2014-9717 | medium | 6.1 | 6.1 | 10y ago | fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restr… | |||
| CVE-2014-7151 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (… | |||
| CVE-2014-6444 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to ifr… | |||
| CVE-2014-9422 | medium | — | 6.1 | 12y ago | The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated user… | |||
| CVE-2014-6385 | medium | — | 6.1 | 12y ago | Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.… | |||
| CVE-2014-8884 | medium | — | 6.1 | 12y ago | Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial o… | |||
| CVE-2014-7997 | medium | — | 6.1 | 12y ago | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cau… | |||
| CVE-2014-3409 | medium | — | 6.1 | 12y ago | The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device relo… | |||
| CVE-2014-7154 | medium | — | 6.1 | 12y ago | Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a d… | |||
| CVE-2014-3379 | medium | — | 6.1 | 12y ago | Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCu… | |||
| CVE-2014-4406 | medium | 6.1 | 6.1 | 12y ago | Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2388 | medium | — | 6.1 | 12y ago | The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-depe… | |||
| CVE-2014-3322 | medium | — | 6.1 | 12y ago | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via mal… | |||
| CVE-2014-3284 | medium | — | 6.1 | 12y ago | Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | |||
| CVE-2014-3273 | medium | — | 6.1 | 12y ago | The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. | |||
| CVE-2014-1530 | medium | 6.1 | 6.1 | 12y ago | The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL wi… | |||
| CVE-2014-2182 | medium | — | 6.1 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun4… | |||
| CVE-2014-0353 | medium | — | 6.1 | 12y ago | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. | |||
| CVE-2014-2144 | medium | — | 6.1 | 12y ago | Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CS… | |||
| CVE-2014-2131 | medium | — | 6.1 | 12y ago | The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD)… | |||
| CVE-2014-2526 | medium | 6.1 | 6.1 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to … | |||
| CVE-2014-2252 | medium | — | 6.1 | 12y ago | Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability t… | |||
| CVE-2014-2253 | medium | — | 6.1 | 12y ago | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. | |||
| CVE-2014-2309 | medium | — | 6.1 | 12y ago | The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory co… | |||
| CVE-2014-1219 | medium | — | 6.1 | 13y ago | CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end o… | |||
| CVE-2014-0482 | medium | — | 6.0 | 4y ago | The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.R… | |||
| CVE-2014-3476 | medium | — | 6.0 | 4y ago | OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges b… | |||
| CVE-2014-8175 | medium | — | 6.0 | 11y ago | Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | |||
| CVE-2014-9734 | medium | — | 6.0 | 11y ago | Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a rev… | |||
| CVE-2014-8605 | medium | — | 6.0 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to … | |||
| CVE-2014-8604 | medium | — | 6.0 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive inform… | |||
| CVE-2014-0999 | medium | — | 6.0 | 11y ago | Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Ref… | |||
| CVE-2014-9261 | medium | — | 6.0 | 11y ago | The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path … | |||
| CVE-2014-7883 | medium | — | 6.0 | 12y ago | HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. | |||
| CVE-2014-8826 | medium | — | 6.0 | 12y ago | LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||
| CVE-2014-9573 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the… | |||
| CVE-2014-8802 | medium | — | 6.0 | 12y ago | The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted … | |||
| CVE-2014-100029 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newt… | |||
| CVE-2014-10010 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pj… | |||
| CVE-2014-100002 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to Wor… | |||
| CVE-2014-9581 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue wa… | |||
| CVE-2014-9436 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | |||
| CVE-2014-9119 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-1908 | medium | — | 6.0 | 12y ago | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attac… | |||
| CVE-2014-6168 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for reque… | |||
| CVE-2014-6187 | medium | — | 6.0 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8… | |||
| CVE-2014-9324 | medium | — | 6.0 | 12y ago | The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vector… | |||
| CVE-2014-8272 | medium | — | 6.0 | 12y ago | The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote at… | |||
| CVE-2014-8270 | medium | — | 6.0 | 12y ago | BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. | |||
| CVE-2014-3058 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users … | |||
| CVE-2014-9350 | medium | — | 6.0 | 12y ago | TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" va… | |||
| CVE-2014-9218 | medium | — | 6.0 | 12y ago | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long p… | |||
| CVE-2014-9302 | medium | — | 6.0 | 12y ago | Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attacke… | |||
| CVE-2014-6034 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.… | |||
| CVE-2014-5446 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read a… | |||
| CVE-2014-5445 | medium | — | 6.0 | 12y ago | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via… |