Export limit exceeded: 343831 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343831 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1889 | 1 Buddypress | 1 Buddypress | 2024-11-21 | N/A |
| The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | ||||
| CVE-2014-1867 | 1 Suphp | 1 Suphp | 2024-11-21 | 7.8 High |
| suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | ||||
| CVE-2014-1860 | 1 Contao | 1 Contao Cms | 2024-11-21 | 9.8 Critical |
| Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | ||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | N/A |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-11-21 | N/A |
| __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | ||||
| CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | ||||
| CVE-2014-1835 | 1 Echor Project | 1 Echor | 2024-11-21 | N/A |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | ||||
| CVE-2014-1834 | 1 Echor Project | 1 Echor | 2024-11-21 | N/A |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | ||||
| CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | ||||
| CVE-2014-1665 | 1 Owncloud | 1 Owncloud | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | ||||
| CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2024-11-21 | 9.8 Critical |
| SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | ||||
| CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | ||||
| CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | ||||
| CVE-2014-1617 | 1 Promotic | 1 Promotic | 2024-11-21 | 6.5 Medium |
| Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. | ||||
| CVE-2014-1598 | 1 Centurystar Project | 1 Centurystar | 2024-11-21 | 9.8 Critical |
| centurystar 7.12 ActiveX Control has a Stack Buffer Overflow | ||||
| CVE-2014-1457 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | N/A |
| Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. | ||||
| CVE-2014-1454 | 1 Pearson | 1 Esis Enterprise Student Information System | 2024-11-21 | 4.8 Medium |
| Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input | ||||
| CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | N/A |
| A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | ||||
| CVE-2014-1427 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | N/A |
| A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | ||||