CVEs from 2014
Total
7,862
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3192 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.212… | |||
| CVE-2014-3191 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaSc… | |||
| CVE-2014-3190 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of servic… | |||
| CVE-2014-3189 | high | — | 7.5 | 12y ago | The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers t… | |||
| CVE-2014-7299 | high | — | 7.5 | 12y ago | Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain … | |||
| CVE-2014-4043 | high | — | 7.5 | 12y ago | The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-… | |||
| CVE-2014-5389 | high | — | 7.5 | 12y ago | SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content typ… | |||
| CVE-2014-0074 | high | — | 7.5 | 12y ago | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | |||
| CVE-2014-3396 | high | — | 7.5 | 12y ago | Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via t… | |||
| CVE-2014-6298 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then access… | |||
| CVE-2014-6295 | high | — | 7.5 | 12y ago | WEC Map (wec_map) extension for TYPO3 allows SQL Injection | |||
| CVE-2014-6293 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild i… | |||
| CVE-2014-6290 | high | — | 7.5 | 12y ago | The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | |||
| CVE-2014-6289 | high | — | 7.5 | 12y ago | yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions | |||
| CVE-2014-6288 | high | — | 7.5 | 12y ago | TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism | |||
| CVE-2014-3947 | high | — | 7.5 | 12y ago | TYPO3 powermail extension has unrestricted file upload vulnerability | |||
| CVE-2014-6242 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderb… | |||
| CVE-2014-6051 | high | — | 7.5 | 12y ago | Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code … | |||
| CVE-2014-1568 | high | — | 7.5 | 12y ago | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x befo… | |||
| CVE-2014-7153 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL co… | |||
| CVE-2014-4424 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2014-2376 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2014-5440 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password para… | |||
| CVE-2014-4811 | high | — | 7.5 | 12y ago | IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a di… | |||
| CVE-2014-6043 | medium | — | 7.5 | 12y ago | ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the databa… | |||
| CVE-2014-5460 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then a… | |||
| CVE-2014-6241 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6239 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6236 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. | |||
| CVE-2014-6233 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6231 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2014-3179 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-3178 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impa… | |||
| CVE-2014-0548 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on… | |||
| CVE-2014-3618 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, relate… | |||
| CVE-2014-5504 | high | — | 7.5 | 12y ago | SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, … | |||
| CVE-2014-2685 | high | — | 7.5 | 12y ago | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only th… | |||
| CVE-2014-5285 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attacker… | |||
| CVE-2014-5521 | medium | — | 7.5 | 12y ago | plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. | |||
| CVE-2014-0485 | high | — | 7.5 | 12y ago | S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. | |||
| CVE-2014-5399 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5397 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2014-3171 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact … | |||
| CVE-2014-3169 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or po… | |||
| CVE-2014-3168 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other … | |||
| CVE-2014-5458 | high | — | 7.5 | 12y ago | SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter. | |||
| CVE-2014-2216 | high | — | 7.5 | 12y ago | The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary cod… | |||
| CVE-2014-5396 | high | — | 7.5 | 12y ago | The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access … | |||
| CVE-2014-5262 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5261 | high | — | 7.5 | 12y ago | The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool comman… | |||
| CVE-2014-4197 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. | |||
| CVE-2014-5383 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5159 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||
| CVE-2014-3490 | high | — | 7.5 | 12y ago | Incorrect Privilege Assignment in RESTEasy | |||
| CVE-2014-3906 | high | — | 7.5 | 12y ago | SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5203 | high | — | 7.5 | 12y ago | wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. | |||
| CVE-2014-3514 | high | — | 7.5 | 12y ago | activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection… | |||
| CVE-2014-3063 | high | — | 7.5 | 12y ago | IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before… | |||
| CVE-2014-3904 | high | — | 7.5 | 12y ago | SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5250 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via… | |||
| CVE-2014-5249 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execu… | |||
| CVE-2014-3512 | high | — | 7.5 | 12y ago | Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have uns… | |||
| CVE-2014-3167 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-3165 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attack… | |||
| CVE-2014-0316 | high | — | 7.5 | 12y ago | Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 … | |||
| CVE-2014-3086 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveragi… | |||
| CVE-2014-5194 | medium | — | 7.5 | 12y ago | Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | |||
| CVE-2014-3773 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_passwor… | |||
| CVE-2014-3772 | high | — | 7.5 | 12y ago | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking th… | |||
| CVE-2014-3771 | high | — | 7.5 | 12y ago | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | |||
| CVE-2014-5180 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL… | |||
| CVE-2014-5090 | medium | — | 7.5 | 12y ago | admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. | |||
| CVE-2014-5175 | high | — | 7.5 | 12y ago | The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | |||
| CVE-2014-3055 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified … | |||
| CVE-2014-5114 | high | — | 7.5 | 12y ago | WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. | |||
| CVE-2014-3541 | high | — | 7.5 | 12y ago | Moodle vulnerable to PHP object injection attacks | |||
| CVE-2014-4726 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. | |||
| CVE-2014-4858 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (… | |||
| CVE-2014-5102 | high | — | 7.5 | 12y ago | SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | |||
| CVE-2014-3530 | high | — | 7.5 | 12y ago | XML External Entity Reference in org.picketlink:picketlink-common | |||
| CVE-2014-5017 | high | — | 7.5 | 12y ago | SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx par… | |||
| CVE-2014-3161 | high | — | 7.5 | 12y ago | The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which … | |||
| CVE-2014-1999 | high | — | 7.5 | 12y ago | The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. | |||
| CVE-2014-1996 | high | — | 7.5 | 12y ago | Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | |||
| CVE-2014-2368 | high | — | 7.5 | 12y ago | The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||
| CVE-2014-2367 | high | — | 7.5 | 12y ago | The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||
| CVE-2014-4977 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new … | |||
| CVE-2014-4944 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) ca… | |||
| CVE-2014-4939 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the … | |||
| CVE-2014-3992 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php … | |||
| CVE-2014-4850 | high | — | 7.5 | 12y ago | SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||
| CVE-2014-3515 | high | — | 7.5 | 12y ago | The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers … | |||
| CVE-2014-0539 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob… | |||
| CVE-2014-0537 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob… | |||
| CVE-2014-2616 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. | |||
| CVE-2014-2615 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. | |||
| CVE-2014-2614 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. | |||
| CVE-2014-0602 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified… | |||
| CVE-2014-4672 | high | — | 7.5 | 12y ago | Yii PHP Framework arbitrary PHP scripts execution | |||
| CVE-2014-3857 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via th… |