Export limit exceeded: 344908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-125029 | 1 Paginationserviceprovider Project | 1 Paginationserviceprovider | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-125028 | 1 Valtech | 1 Idp Test Clients | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. | ||||
| CVE-2014-10402 | 1 Perl | 1 Dbi | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | ||||
| CVE-2014-10401 | 1 Perl | 1 Dbi | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. | ||||
| CVE-2014-10400 | 1 Keplerproject | 1 Cgilua | 2024-11-21 | 6.1 Medium |
| The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | ||||
| CVE-2014-10399 | 1 Keplerproject | 1 Cgilua | 2024-11-21 | 6.1 Medium |
| The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | ||||
| CVE-2014-10398 | 1 Bssys | 1 Rbs Bs-client. Retail Client | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value. | ||||
| CVE-2014-10397 | 1 Para | 1 Antioch | 2024-11-21 | 7.5 High |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | ||||
| CVE-2014-10396 | 1 Organizedthemes | 1 Epic | 2024-11-21 | 7.5 High |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | ||||
| CVE-2014-10395 | 1 Codepeople | 1 Polls Cp | 2024-11-21 | N/A |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. | ||||
| CVE-2014-10394 | 1 Saschart | 1 Rich Counter | 2024-11-21 | N/A |
| The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | ||||
| CVE-2014-10393 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | N/A |
| The cforms2 plugin before 10.5 for WordPress has XSS. | ||||
| CVE-2014-10392 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | N/A |
| The cforms2 plugin before 10.2 for WordPress has XSS. | ||||
| CVE-2014-10391 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | ||||
| CVE-2014-10390 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. | ||||
| CVE-2014-10389 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | ||||
| CVE-2014-10388 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. | ||||
| CVE-2014-10387 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. | ||||
| CVE-2014-10386 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | ||||
| CVE-2014-10385 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2024-11-21 | N/A |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | ||||