Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5466 | 1 Splunk | 1 Splunk | 2014-12-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-5359 | 1 Safenet-inc | 1 Safenet Authentication Service Outlook Web Access Agent | 2014-12-17 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa. | |||||
| CVE-2014-4626 | 1 Emc | 1 Documentum Content Server | 2014-12-17 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. | |||||
| CVE-2014-9150 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2014-12-17 | 6.4 MEDIUM | N/A |
| Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. | |||||
| CVE-2014-9141 | 1 Thomsonreuters | 1 Fixed Assets Cs | 2014-12-17 | 7.2 HIGH | N/A |
| The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | |||||
| CVE-2014-7178 | 1 Enalean | 1 Tuleap | 2014-12-16 | 9.3 HIGH | N/A |
| Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. | |||||
| CVE-2014-8755 | 1 Panasonic | 1 Network Camera View | 2014-12-16 | 6.8 MEDIUM | N/A |
| Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory." | |||||
| CVE-2014-8610 | 1 Google | 1 Android | 2014-12-16 | 3.3 LOW | N/A |
| AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. | |||||
| CVE-2014-8379 | 1 Marketo Ma Project | 1 Marketo Ma | 2014-12-16 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules. | |||||
| CVE-2014-8609 | 1 Google | 1 Android | 2014-12-16 | 7.2 HIGH | N/A |
| The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. | |||||
| CVE-2014-7911 | 1 Google | 1 Android | 2014-12-16 | 7.2 HIGH | N/A |
| luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. | |||||
| CVE-2014-2358 | 1 Fox-it | 1 Fox Datadiode | 2014-12-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. | |||||
| CVE-2014-4633 | 1 Emc | 1 Rsa Archer Egrc | 2014-12-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8306 | 1 C97 | 1 Cart Engine | 2014-12-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter. | |||||
| CVE-2014-8307 | 1 C97 | 1 Cart Engine | 2014-12-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php. | |||||
| CVE-2014-8305 | 1 C97 | 1 Cart Engine | 2014-12-16 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php. | |||||
| CVE-2012-5696 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2014-12-16 | 5.0 MEDIUM | N/A |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request. | |||||
| CVE-2012-5697 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2014-12-16 | 4.6 MEDIUM | N/A |
| The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files. | |||||
| CVE-2012-5694 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2014-12-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/. | |||||
| CVE-2014-8269 | 1 Honeywell | 1 Opos Suite | 2014-12-16 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. | |||||