Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5157 | 2014-08-13 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5196. Reason: This candidate is a reservation duplicate of CVE-2014-5196. Notes: All CVE users should reference CVE-2014-5196 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-5199 | 1 Wordpress File Upload Project | 1 Wordpress File Upload | 2014-08-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-5197 | 1 Splunk | 1 Splunk | 2014-08-13 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids. | |||||
| CVE-2014-5198 | 1 Splunk | 1 Splunk | 2014-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. | |||||
| CVE-2014-5202 | 1 Compfight Project | 1 Compfight | 2014-08-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. | |||||
| CVE-2014-3899 | 1 Gomlab | 1 Gom Player | 2014-08-12 | 4.3 MEDIUM | N/A |
| Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file. | |||||
| CVE-2014-2357 | 1 Subnet | 1 Substation Server | 2014-08-12 | 7.1 HIGH | N/A |
| The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message. | |||||
| CVE-2013-3930 | 1 Coreftp | 1 Core Ftp | 2014-08-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply. | |||||
| CVE-2014-0806 | 1 Fenrir-inc | 1 Sleipnir Mobile | 2014-08-11 | 4.3 MEDIUM | N/A |
| The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls. | |||||
| CVE-2010-4755 | 3 Freebsd, Netbsd, Openbsd | 4 Freebsd, Netbsd, Openbsd and 1 more | 2014-08-08 | 4.0 MEDIUM | N/A |
| The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. | |||||
| CVE-2014-3914 | 1 Rocketsoftware | 1 Rocket Servergraph | 2014-08-07 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet. | |||||
| CVE-2014-3855 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2014-3854 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter. | |||||
| CVE-2014-3853 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
| Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-3852 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
| Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-3851 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 2.1 LOW | N/A |
| usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | |||||
| CVE-2014-3800 | 1 Xbmc | 1 Xbmc | 2014-08-07 | 2.1 LOW | N/A |
| XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. | |||||
| CVE-2014-3459 | 1 Solarwinds | 1 Network Configuration Manager | 2014-08-07 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. | |||||
| CVE-2014-3773 | 1 Teampass | 1 Teampass | 2014-08-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | |||||
| CVE-2014-3774 | 1 Teampass | 1 Teampass | 2014-08-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element. | |||||