Export limit exceeded: 344011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5011 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 6.5 Medium |
| DOMPDF before 0.6.2 allows Information Disclosure. | ||||
| CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 9.8 Critical |
| Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | ||||
| CVE-2014-5004 | 1 Brbackup Project | 1 Brbackup | 2024-11-21 | N/A |
| lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-5003 | 1 Ciborg Project | 1 Ciborg | 2024-11-21 | N/A |
| chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. | ||||
| CVE-2014-5002 | 1 Lynx Project | 1 Lynx | 2024-11-21 | N/A |
| The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. | ||||
| CVE-2014-5001 | 1 Kcapifony Project | 1 Kcapifony | 2024-11-21 | N/A |
| lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. | ||||
| CVE-2014-5000 | 1 Lawn-login Project | 1 Lawn-login | 2024-11-21 | N/A |
| The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4999 | 1 Kajam Project | 1 Kajam | 2024-11-21 | N/A |
| vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4998 | 1 Lean-ruport Project | 1 Lean-ruport | 2024-11-21 | N/A |
| test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4997 | 1 Point-cli Project | 1 Point-cli | 2024-11-21 | N/A |
| lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4996 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | N/A |
| lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | ||||
| CVE-2014-4995 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | N/A |
| Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. | ||||
| CVE-2014-4994 | 1 Gyazo Project | 1 Gyazo | 2024-11-21 | N/A |
| lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. | ||||
| CVE-2014-4993 | 2 Backup-agoddard Project, Backup Checksum Project | 2 Backup-agoddard, Backup Checksum | 2024-11-21 | N/A |
| (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4992 | 1 Cap-strap Project | 1 Cap-strap | 2024-11-21 | N/A |
| lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4991 | 1 Codders-dataset Project | 1 Codders-dataset | 2024-11-21 | N/A |
| (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-4984 | 1 Dejavuprotech | 1 Crescendo - Sales Crm | 2024-11-21 | 9.8 Critical |
| Déjà Vu Crescendo Sales CRM has remote SQL Injection | ||||
| CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 9.8 Critical |
| LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | ||||
| CVE-2014-4981 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 9.8 Critical |
| LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | ||||
| CVE-2014-4972 | 1 Ajax Upload For Gravity Forms Project | 1 Ajax Upload For Gravity Forms | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | ||||