Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4036 | 1 Impresscms | 1 Impresscms | 2014-06-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. | |||||
| CVE-2014-4033 | 1 Efrontlearning | 1 Efront | 2014-06-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php. | |||||
| CVE-2014-3980 | 1 Daiki Ueno | 1 Libfep | 2014-06-12 | 4.6 MEDIUM | N/A |
| libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-3915 | 1 Rocketsoftware | 1 Rocket Servergraph | 2014-06-12 | 10.0 HIGH | N/A |
| The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. | |||||
| CVE-2014-3911 | 1 Samsung | 1 Ipolis Device Manager | 2014-06-12 | 9.3 HIGH | N/A |
| Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | |||||
| CVE-2014-3850 | 1 Member Approval Plugin Project | 1 Member Approval | 2014-06-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php. | |||||
| CVE-2014-3782 | 1 Dotclear | 1 Dotclear | 2014-06-12 | 6.0 MEDIUM | N/A |
| Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension. | |||||
| CVE-2014-3781 | 1 Dotclear | 1 Dotclear | 2014-06-12 | 5.8 MEDIUM | N/A |
| The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | |||||
| CVE-2011-3625 | 2 Mplayer2, Ricardo Villalba | 2 Mplayer2, Smplayer | 2014-06-12 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file. | |||||
| CVE-2010-5300 | 1 Jzip | 1 Jzip | 2014-06-12 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive. | |||||
| CVE-2013-5643 | 2014-06-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2014-06-09 | 3.3 LOW | N/A |
| include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. | |||||
| CVE-2014-3982 | 1 Cisofy | 1 Lynis | 2014-06-09 | 3.3 LOW | N/A |
| include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file. | |||||
| CVE-2013-4728 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message. | |||||
| CVE-2013-4727 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | |||||
| CVE-2013-4725 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2013-4724 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2014-06-09 | 5.0 MEDIUM | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2013-2602 | 1 Myheritage | 1 Sequeryobject Activex Control | 2014-06-09 | 9.3 HIGH | N/A |
| Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokensValuesArray parameter to the AddTokens method; (3) seLastNameTokensArray parameter to the AddLastNameTokens method; (4) seFrameIdArray, (5) seSourceIdArray, (6) seHasBreakdownArray, (7) seIsIndexedArray, (8) seAllConcatArray, (9) seRefererURLArray, or (10) seMandatoryFieldsArray parameter to the AddMultipleSearches method; (11) seSourceIdArray, (12) seIsIndexedArray, (13) seAllConcatArray, (14) seRefererURLArray, (15) seQATestsArray, (16) seAllSourceIDsArray, (17) seAllSourceTitlesArray, (18) seMandatoryFieldsArray, or (19) seAllSourceRootURLArray parameter to the TestYourself method. | |||||
| CVE-2013-0250 | 1 Corosync | 1 Corosync | 2014-06-09 | 5.0 MEDIUM | N/A |
| The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2012-5390 | 1 Condor Project | 1 Condor | 2014-06-09 | 10.0 HIGH | N/A |
| The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. | |||||