Total
980 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8910 | 1 Ibm | 1 Db2 | 2024-11-21 | 4.0 MEDIUM | N/A |
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | |||||
CVE-2014-8423 | 1 Arris | 1 Vap2500 Firmware | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
CVE-2014-7952 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | |||||
CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 8 Bsd Mailx, Debian Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | |||||
CVE-2014-7287 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header. | |||||
CVE-2014-7236 | 1 Twiki | 1 Twiki | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | |||||
CVE-2014-5287 | 1 Kemptechnologies | 1 Loadmaster | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | |||||
CVE-2014-5086 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider. | |||||
CVE-2014-5085 | 1 Sphider-plus | 1 Sphider-plus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | |||||
CVE-2014-5084 | 1 Sphiderpro | 1 Sphider Pro | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus. | |||||
CVE-2014-5083 | 1 Sphider | 1 Sphider | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | |||||
CVE-2014-4967 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
CVE-2014-4966 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |||||
CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
CVE-2014-4172 | 3 Apereo, Debian, Fedoraproject | 5 .net Cas Client, Java Cas Client, Phpcas and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | |||||
CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | |||||
CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | |||||
CVE-2014-10394 | 1 Saschart | 1 Rich Counter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | |||||
CVE-2014-10391 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | |||||
CVE-2014-10386 | 1 3cx | 1 Live Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. |