Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10030 | 1 Fluxbb | 1 Fluxbb | 2015-01-13 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | |||||
| CVE-2014-10025 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. | |||||
| CVE-2014-10026 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-13 | 5.0 MEDIUM | N/A |
| index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. | |||||
| CVE-2014-10028 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. | |||||
| CVE-2014-10024 | 1 Divx | 3 Directshowdemuxfilter, Player, Web Player | 2015-01-13 | 7.5 HIGH | N/A |
| Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-10022 | 1 Apache | 1 Traffic Server | 2015-01-13 | 5.0 MEDIUM | N/A |
| Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. | |||||
| CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2015-01-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2014-10006 | 1 Maianscriptworld | 1 Maian Uploader | 2015-01-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. | |||||
| CVE-2014-10005 | 1 Maianscriptworld | 1 Maian Uploader | 2015-01-13 | 5.0 MEDIUM | N/A |
| Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. | |||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2015-01-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2014-100009 | 1 Joomlaskin | 1 Js Multi Hotel | 2015-01-13 | 5.0 MEDIUM | N/A |
| The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/. | |||||
| CVE-2014-10027 | 1 D-link | 2 Dap-1360, Dap-1360 Firmware | 2015-01-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. | |||||
| CVE-2013-2604 | 1 Realnetworks | 1 Realarcade Installer | 2015-01-13 | 7.2 HIGH | N/A |
| RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. | |||||
| CVE-2013-2603 | 1 Realnetworks | 1 Realarcade Installer | 2015-01-13 | 10.0 HIGH | N/A |
| The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method. | |||||
| CVE-2014-32537 | 2015-01-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2354. Reason: This candidate is a duplicate of CVE-2014-2354. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2354 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-59156 | 2015-01-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2352. Reason: This candidate is a duplicate of CVE-2014-2352. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2352 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-62771 | 2015-01-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271. Reason: This candidate is a duplicate of CVE-2014-6271. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-72038 | 2015-01-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2353. Reason: This candidate is a duplicate of CVE-2014-2353. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2353 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-9510 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2015-01-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | |||||
| CVE-2014-9190 | 1 Schneider-electric | 1 Wonderware Intouch Access Anywhere Server | 2015-01-12 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. | |||||