Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5114 | 1 Webidsupport | 1 Webid | 2014-07-30 | 7.5 HIGH | N/A |
| WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. | |||||
| CVE-2014-2974 | 1 Silver-peak | 1 Vx | 2014-07-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||||
| CVE-2014-5113 | 1 Visualware | 1 Myconnection Server | 2014-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter. | |||||
| CVE-2014-5105 | 1 Ol-commerce Project | 1 Ol-commerce | 2014-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
| CVE-2014-5104 | 1 Ol-commerce Project | 1 Ol-commerce | 2014-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
| CVE-2014-4726 | 1 Mailpoet | 1 Mailpoet Newsletters | 2014-07-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. | |||||
| CVE-2014-4725 | 1 Mailpoet | 1 Mailpoet Newsletters | 2014-07-28 | 7.5 HIGH | N/A |
| The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/. | |||||
| CVE-2014-4857 | 1 Gurock | 1 Testrail | 2014-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. | |||||
| CVE-2014-2966 | 1 Caucho | 1 Resin | 2014-07-28 | 5.0 MEDIUM | N/A |
| The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism. | |||||
| CVE-2014-2363 | 1 Morpho | 1 Itemiser 3 | 2014-07-28 | 10.0 HIGH | N/A |
| Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. | |||||
| CVE-2014-4927 | 3 Acme, D-link, Netgear | 5 Micro Httpd, Dsl2740u, Dsl2750u and 2 more | 2014-07-25 | 7.8 HIGH | N/A |
| Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. | |||||
| CVE-2014-4686 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 6.8 MEDIUM | N/A |
| The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. | |||||
| CVE-2014-4685 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 4.6 MEDIUM | N/A |
| Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. | |||||
| CVE-2014-4684 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 6.0 MEDIUM | N/A |
| The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||||
| CVE-2014-4683 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 4.9 MEDIUM | N/A |
| The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | |||||
| CVE-2014-4682 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 5.0 MEDIUM | N/A |
| The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | |||||
| CVE-2014-2971 | 1 Micropact | 1 Icomplaints | 2014-07-25 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter. | |||||
| CVE-2014-2717 | 1 Honeywell | 2 Falcon Xlweb Linux Controller, Falcon Xlweb Xlwebexe | 2014-07-25 | 7.6 HIGH | N/A |
| Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. | |||||
| CVE-2014-2968 | 1 Huawei | 3 E355, E355 Firmware, E355 Web Ui | 2014-07-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message. | |||||
| CVE-2014-2369 | 1 Omron | 6 Ns10 Hmi Terminal, Ns12 Hmi Terminal, Ns15 Hmi Terminal and 3 more | 2014-07-24 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||