Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8765 | 1 Drupal | 1 Project Issue File Review | 2014-10-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page. | |||||
| CVE-2014-6313 | 1 Woothemes | 1 Woocommerce Plugin | 2014-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php. | |||||
| CVE-2014-7201 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2014-10-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/. | |||||
| CVE-2014-7200 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2014-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/. | |||||
| CVE-2014-8294 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2014-10-22 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password. | |||||
| CVE-2014-8293 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2014-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php. | |||||
| CVE-2014-8295 | 1 Bacula | 1 Bacula-web | 2014-10-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. | |||||
| CVE-2014-8070 | 1 Yootheme | 1 Pagekit | 2014-10-21 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout. | |||||
| CVE-2014-8069 | 1 Yootheme | 1 Pagekit | 2014-10-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php. | |||||
| CVE-2014-8304 | 1 In-portal | 1 In-portal | 2014-10-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php. | |||||
| CVE-2014-2880 | 1 Oracle | 1 Identity Manager | 2014-10-17 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin. | |||||
| CVE-2014-2478 | 1 Oracle | 1 Database Server | 2014-10-16 | 2.6 LOW | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2014-6881 | 1 Pnc | 1 Virtual Wallet By Pnc | 2014-10-16 | 5.4 MEDIUM | N/A |
| The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application before 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5273 | 1 Phpmyadmin | 1 Phpmyadmin | 2014-10-16 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. | |||||
| CVE-2014-5033 | 3 Canonical, Debian, Kde | 4 Ubuntu Linux, Kde4libs, Kauth and 1 more | 2014-10-16 | 6.9 MEDIUM | N/A |
| KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." | |||||
| CVE-2014-8748 | 1 Drupal | 1 Doubleclick For Publishers | 2014-10-15 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. | |||||
| CVE-2014-7284 | 1 Linux | 1 Linux Kernel | 2014-10-15 | 6.4 MEDIUM | N/A |
| The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values. | |||||
| CVE-2014-5328 | 1 Huawei | 2 E5332, E5332 Firmware | 2014-10-15 | 6.8 MEDIUM | N/A |
| Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message. | |||||
| CVE-2014-4867 | 1 Cryoserver | 1 Cryoserver Security Appliance | 2014-10-15 | 6.8 MEDIUM | N/A |
| Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program. | |||||
| CVE-2014-5327 | 1 Huawei | 2 E5332, E5332 Firmware | 2014-10-15 | 6.8 MEDIUM | N/A |
| Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. | |||||