Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4686 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 6.8 MEDIUM | N/A |
| The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. | |||||
| CVE-2014-2717 | 1 Honeywell | 2 Falcon Xlweb Linux Controller, Falcon Xlweb Xlwebexe | 2014-07-25 | 7.6 HIGH | N/A |
| Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. | |||||
| CVE-2014-0607 | 1 Attachmate | 1 Verastream Process Designer | 2014-07-24 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file. | |||||
| CVE-2014-5023 | 1 Gitlist | 1 Gitlist | 2014-07-22 | 6.8 MEDIUM | N/A |
| Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command. | |||||
| CVE-2013-7392 | 1 Gitlist | 1 Gitlist | 2014-07-22 | 7.5 HIGH | N/A |
| Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | |||||
| CVE-2014-5018 | 1 Limesurvey | 1 Limesurvey | 2014-07-22 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume. | |||||
| CVE-2014-1956 | 1 Fortinet | 1 Fortiweb | 2014-07-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2014-2951 | 1 Datumsystems | 1 Snip | 2014-07-15 | 10.0 HIGH | N/A |
| Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2014-2950 | 1 Datumsystems | 1 Snip | 2014-07-15 | 7.8 HIGH | N/A |
| Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands. | |||||
| CVE-2014-2926 | 1 Kaseya | 1 Virtual System Administrator | 2014-07-15 | 1.7 LOW | N/A |
| kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | |||||
| CVE-2014-4851 | 1 Foecms | 1 Foecms | 2014-07-10 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter. | |||||
| CVE-2014-4720 | 1 Email\ | 1 \ | 2014-07-07 | 5.0 MEDIUM | N/A |
| Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477. | |||||
| CVE-2013-4143 | 1 David Bagley | 1 Xlockmore | 2014-06-26 | 2.1 LOW | N/A |
| The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts. | |||||
| CVE-2014-2591 | 1 Bmc | 1 Patrol Agent | 2014-06-24 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | |||||
| CVE-2013-7323 | 1 Vinay Sajip | 1 Python-gnupg | 2014-06-24 | 7.5 HIGH | N/A |
| python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2014-3877 | 1 Ulli Horlacher | 1 Fex | 2014-06-18 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup. | |||||
| CVE-2014-3782 | 1 Dotclear | 1 Dotclear | 2014-06-12 | 6.0 MEDIUM | N/A |
| Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension. | |||||
| CVE-2013-2602 | 1 Myheritage | 1 Sequeryobject Activex Control | 2014-06-09 | 9.3 HIGH | N/A |
| Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokensValuesArray parameter to the AddTokens method; (3) seLastNameTokensArray parameter to the AddLastNameTokens method; (4) seFrameIdArray, (5) seSourceIdArray, (6) seHasBreakdownArray, (7) seIsIndexedArray, (8) seAllConcatArray, (9) seRefererURLArray, or (10) seMandatoryFieldsArray parameter to the AddMultipleSearches method; (11) seSourceIdArray, (12) seIsIndexedArray, (13) seAllConcatArray, (14) seRefererURLArray, (15) seQATestsArray, (16) seAllSourceIDsArray, (17) seAllSourceTitlesArray, (18) seMandatoryFieldsArray, or (19) seAllSourceRootURLArray parameter to the TestYourself method. | |||||
| CVE-2013-0250 | 1 Corosync | 1 Corosync | 2014-06-09 | 5.0 MEDIUM | N/A |
| The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2014-2056 | 2 Owncloud, Phpdocx | 2 Owncloud, Phpdocx | 2014-06-04 | 7.5 HIGH | N/A |
| PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | |||||