Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2609 | 1 Hp | 1 Executive Scorecard | 2014-06-25 | 10.0 HIGH | N/A |
| The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116. | |||||
| CVE-2014-2610 | 1 Hp | 1 Executive Scorecard | 2014-06-25 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117. | |||||
| CVE-2014-2707 | 1 Linuxfoundation | 1 Cups-filters | 2014-06-25 | 8.3 HIGH | N/A |
| cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." | |||||
| CVE-2011-2514 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | 6.8 MEDIUM | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. | |||||
| CVE-2011-2513 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | 5.0 MEDIUM | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. | |||||
| CVE-2014-3846 | 1 Flyingcart | 1 Flying Cart | 2014-06-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php. | |||||
| CVE-2014-3923 | 1 Digitalzoomstudio | 1 Video Gallery | 2014-06-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/. | |||||
| CVE-2013-4599 | 1 Misery Project | 1 Misery | 2014-06-25 | 4.3 MEDIUM | N/A |
| The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests. | |||||
| CVE-2014-3882 | 1 12net | 1 Login Rebuilder | 2014-06-25 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-2591 | 1 Bmc | 1 Patrol Agent | 2014-06-24 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | |||||
| CVE-2014-3921 | 1 Simple Popup Project | 1 Simple Popup | 2014-06-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter. | |||||
| CVE-2012-5572 | 1 Dancer | 1 Dancer | 2014-06-24 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526. | |||||
| CVE-2014-3780 | 1 Citrix | 1 Vdi-in-a-box | 2014-06-24 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | |||||
| CVE-2012-5560 | 1 Mate-desktop | 1 Mate-settings-daemon | 2014-06-24 | 2.1 LOW | N/A |
| The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. | |||||
| CVE-2014-3227 | 1 Debian | 1 Dpkg | 2014-06-24 | 6.4 MEDIUM | N/A |
| dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program. | |||||
| CVE-2013-0302 | 2 Amazon, Owncloud | 2 Sdk Tester, Owncloud | 2014-06-24 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK. | |||||
| CVE-2014-2051 | 1 Owncloud | 1 Owncloud | 2014-06-24 | 7.5 HIGH | N/A |
| ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query." | |||||
| CVE-2013-4595 | 1 Gordon Heydon | 1 Secure Pages | 2014-06-24 | 4.3 MEDIUM | N/A |
| The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. | |||||
| CVE-2013-2562 | 1 Mambo-foundation | 1 Mambo Cms | 2014-06-24 | 2.1 LOW | N/A |
| Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-2563 | 1 Mambo-foundation | 1 Mambo Cms | 2014-06-24 | 2.1 LOW | N/A |
| Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | |||||