CVEs from 2014
- Total: 7,865
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9118 | high | 8.8 | 9.8 | 9y ago | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |||
| CVE-2014-8357 | high | 8.8 | 9.8 | 9y ago | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s… | |||
| CVE-2014-9463 | high | 8.8 | 9.8 | 9y ago | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |||
| CVE-2014-9312 | high | 8.8 | 9.8 | 9y ago | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |||
| CVE-2014-5301 | high | 8.8 | 9.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |||
| CVE-2014-9260 | high | 8.8 | 9.8 | 9y ago | The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |||
| CVE-2014-2084 | high | — | 9.5 | 12y ago | Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain s… | |||
| CVE-2014-2850 | high | — | 9.5 | 12y ago | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address paramet… | |||
| CVE-2014-2849 | high | — | 9.5 | 12y ago | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |||
| CVE-2014-2127 | high | — | 9.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly … | |||
| CVE-2014-3888 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and ear… | |||
| CVE-2014-0782 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM… | |||
| CVE-2014-0784 | high | — | 9.3 | 12y ago | Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. | |||
| CVE-2014-9262 | high | 8.2 | 9.2 | 9y ago | The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files. | |||
| CVE-2014-1649 | high | — | 8.9 | 12y ago | The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |||
| CVE-2014-3498 | high | 8.8 | 8.8 | 4y ago | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | |||
| CVE-2014-0120 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf se… | |||
| CVE-2014-8358 | high | 7.8 | 8.8 | 9y ago | Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the… | |||
| CVE-2014-3150 | high | 8.8 | 8.8 | 9y ago | Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript. | |||
| CVE-2014-4000 | high | 8.8 | 8.8 | 9y ago | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashe… | |||
| CVE-2014-3709 | high | 8.8 | 8.8 | 9y ago | JBoss Keycloak CSRF Vulnerability | |||
| CVE-2014-2664 | high | 8.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execut… | |||
| CVE-2014-8170 | high | 8.8 | 8.8 | 9y ago | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, … | |||
| CVE-2014-6106 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site… | |||
| CVE-2014-9565 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | |||
| CVE-2014-8393 | high | 7.8 | 8.8 | 9y ago | DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | |||
| CVE-2014-8900 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | |||
| CVE-2014-5302 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to ex… | |||
| CVE-2014-9831 | high | 8.8 | 8.8 | 9y ago | coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | |||
| CVE-2014-9830 | high | 8.8 | 8.8 | 9y ago | coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | |||
| CVE-2014-9828 | high | 8.8 | 8.8 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |||
| CVE-2014-9827 | high | 8.8 | 8.8 | 9y ago | coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |||
| CVE-2014-8903 | high | 8.8 | 8.8 | 9y ago | IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | |||
| CVE-2014-8149 | high | 8.8 | 8.8 | 9y ago | OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | |||
| CVE-2014-0225 | high | 8.8 | 8.8 | 9y ago | Improper Restriction of XML External Entity Reference in Spring Framework | |||
| CVE-2014-9696 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalat… | |||
| CVE-2014-9695 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operatio… | |||
| CVE-2014-9694 | high | 8.8 | 8.8 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |||
| CVE-2014-9137 | high | 8.8 | 8.8 | 9y ago | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with s… | |||
| CVE-2014-9136 | high | 8.8 | 8.8 | 9y ago | Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | |||
| CVE-2014-4707 | high | 8.8 | 8.8 | 9y ago | Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00… | |||
| CVE-2014-9938 | high | 8.8 | 8.8 | 9y ago | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | |||
| CVE-2014-9765 | high | 8.8 | 8.8 | 10y ago | Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | |||
| CVE-2014-9768 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the v… | |||
| CVE-2014-9495 | high | 8.8 | 8.8 | 12y ago | Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrar… | |||
| CVE-2014-9322 | high | 7.8 | 8.8 | 12y ago | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by tr… | |||
| CVE-2014-9303 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or… | |||
| CVE-2014-8868 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive informati… | |||
| CVE-2014-9489 | high | 8.8 | 8.8 | 12y ago | gollum and gollum-lib allow remote authenticated users to execute arbitrary code | |||
| CVE-2014-8425 | high | — | 8.8 | 12y ago | The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | |||
| CVE-2014-8424 | high | — | 8.8 | 12y ago | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | |||
| CVE-2014-4627 | high | 8.8 | 8.8 | 12y ago | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-2815 | high | 8.8 | 8.8 | 12y ago | Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Exec… | |||
| CVE-2014-4927 | high | — | 8.8 | 12y ago | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long strin… | |||
| CVE-2014-4018 | high | — | 8.8 | 12y ago | The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2014-2962 | high | — | 8.8 | 12y ago | Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname i… | |||
| CVE-2014-4153 | high | — | 8.8 | 12y ago | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||
| CVE-2014-1531 | high | 8.8 | 8.8 | 12y ago | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2… | |||
| CVE-2014-1529 | high | 8.8 | 8.8 | 12y ago | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component r… | |||
| CVE-2014-1518 | high | 8.8 | 8.8 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to c… | |||
| CVE-2014-0644 | high | — | 8.8 | 12y ago | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity r… | |||
| CVE-2014-0358 | high | — | 8.8 | 12y ago | Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatu… | |||
| CVE-2014-1513 | high | 8.8 | 8.8 | 12y ago | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayB… | |||
| CVE-2014-1509 | high | 8.8 | 8.8 | 12y ago | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allow… | |||
| CVE-2014-1497 | high | 8.8 | 8.8 | 12y ago | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain se… | |||
| CVE-2014-1482 | high | 8.8 | 8.8 | 13y ago | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attacke… | |||
| CVE-2014-2579 | high | — | 8.6 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the… | |||
| CVE-2014-9147 | high | 7.5 | 8.5 | 9y ago | Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. | |||
| CVE-2014-0997 | high | 7.5 | 8.5 | 9y ago | WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten… | |||
| CVE-2014-8675 | high | 7.5 | 8.5 | 9y ago | Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force at… | |||
| CVE-2014-1677 | high | 7.5 | 8.5 | 9y ago | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |||
| CVE-2014-8722 | high | 7.5 | 8.5 | 9y ago | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.x… | |||
| CVE-2014-2331 | high | — | 8.5 | 11y ago | Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers b… | |||
| CVE-2014-9735 | high | — | 8.5 | 11y ago | The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX function… | |||
| CVE-2014-8147 | high | — | 8.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type… | |||
| CVE-2014-8146 | high | — | 8.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track d… | |||
| CVE-2014-5370 | high | — | 8.5 | 11y ago | Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbit… | |||
| CVE-2014-9145 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, o… | |||
| CVE-2014-9707 | high | — | 8.5 | 11y ago | EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (… | |||
| CVE-2014-9566 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 1… | |||
| CVE-2014-7864 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attacke… | |||
| CVE-2014-9633 | high | — | 8.5 | 12y ago | The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |||
| CVE-2014-6141 | high | — | 8.5 | 12y ago | IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restricti… | |||
| CVE-2014-4492 | high | — | 8.5 | 12y ago | libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary… | |||
| CVE-2014-8386 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter i… | |||
| CVE-2014-8143 | high | — | 8.5 | 12y ago | Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccount… | |||
| CVE-2014-8636 | high | — | 8.5 | 12y ago | The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to exe… | |||
| CVE-2014-10038 | high | — | 8.5 | 12y ago | SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | |||
| CVE-2014-10037 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. | |||
| CVE-2014-10031 | high | — | 8.5 | 12y ago | Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. | |||
| CVE-2014-100031 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | |||
| CVE-2014-100020 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is alrea… | |||
| CVE-2014-100014 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 o… | |||
| CVE-2014-100012 | high | — | 8.5 | 12y ago | SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||
| CVE-2014-100011 | high | — | 8.5 | 12y ago | SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||
| CVE-2014-10029 | high | — | 8.5 | 12y ago | SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. | |||
| CVE-2014-10023 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.… | |||
| CVE-2014-10021 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable ext… | |||
| CVE-2014-10020 | high | — | 8.5 | 12y ago | SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2014-10015 | high | — | 8.5 | 12y ago | SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |