Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9593 | 1 Apache | 1 Cloudstack | 2015-01-16 | 5.0 MEDIUM | N/A |
| Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | |||||
| CVE-2014-9596 | 1 Panasonic | 4 Arbitrator Back-end Server Mk 2.0 Vpu, Arbitrator Back-end Server Mk 2.0 Vpu Firmware, Arbitrator Back-end Server Mk 3.0 Vpu and 1 more | 2015-01-16 | 4.3 MEDIUM | N/A |
| Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. | |||||
| CVE-2014-9587 | 1 Roundcube | 1 Webmail | 2015-01-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins. | |||||
| CVE-2014-9560 | 1 Softbb | 1 Softbb | 2015-01-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2014-9561 | 1 Softbb | 1 Softbb | 2015-01-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter. | |||||
| CVE-2014-9308 | 1 Wpeasycart | 1 Wp Easycart | 2015-01-16 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/. | |||||
| CVE-2014-8153 | 2 Litech, Openstack | 2 Router Advertisement Daemon, Neutron | 2015-01-15 | 4.0 MEDIUM | N/A |
| The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an IPv6 non-provider subnet to each. | |||||
| CVE-2015-1052 | 1 Phpkit | 1 Phpkit | 2015-01-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php. | |||||
| CVE-2015-1040 | 1 Bedita | 1 Bedita | 2015-01-15 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view. | |||||
| CVE-2015-1039 | 1 Zfcuser Project | 1 Zfcuser | 2015-01-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | |||||
| CVE-2014-10035 | 1 Couponphp | 1 Couponphp | 2015-01-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php. | |||||
| CVE-2014-100039 | 1 Malwarebytes | 1 Malwarebytes Anti-exploit | 2015-01-14 | 2.1 LOW | N/A |
| mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-100035 | 1 Licensepal | 1 Arcticdesk | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-100033 | 1 Licensepal | 1 Arcticdesk | 2015-01-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-100037 | 1 Storytlr | 1 Storytlr | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. | |||||
| CVE-2014-100021 | 1 Orangehrm | 1 Orangehrm | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. | |||||
| CVE-2014-100018 | 1 Unconfirmed Project | 1 Unconfirmed | 2015-01-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php. | |||||
| CVE-2014-100012 | 1 Sendy | 1 Sendy | 2015-01-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
| CVE-2014-9459 | 1 E107 | 1 E107 | 2015-01-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. | |||||
| CVE-2014-9507 | 1 Mediawiki | 1 Mediawiki | 2015-01-13 | 2.6 LOW | N/A |
| MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. | |||||
