Export limit exceeded: 343957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343957 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 7.5 High |
| rc before 1.7.1-5 insecurely creates temporary files. | ||||
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2024-11-21 | 5.3 Medium |
| 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | ||||
| CVE-2014-1925 | 1 Koha | 1 Koha | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924. | ||||
| CVE-2014-1924 | 1 Koha | 1 Koha | 2024-11-21 | 9.8 Critical |
| The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | ||||
| CVE-2014-1923 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2014-1922 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 High |
| Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-1889 | 1 Buddypress | 1 Buddypress | 2024-11-21 | N/A |
| The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | ||||
| CVE-2014-1867 | 1 Suphp | 1 Suphp | 2024-11-21 | 7.8 High |
| suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | ||||
| CVE-2014-1860 | 1 Contao | 1 Contao Cms | 2024-11-21 | 9.8 Critical |
| Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | ||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | N/A |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-11-21 | N/A |
| __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | ||||
| CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | N/A |
| An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | ||||
| CVE-2014-1835 | 1 Echor Project | 1 Echor | 2024-11-21 | N/A |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | ||||
| CVE-2014-1834 | 1 Echor Project | 1 Echor | 2024-11-21 | N/A |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | ||||
| CVE-2014-1686 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. | ||||
| CVE-2014-1665 | 1 Owncloud | 1 Owncloud | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | ||||
| CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2024-11-21 | 9.8 Critical |
| SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | ||||
| CVE-2014-1632 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | ||||
| CVE-2014-1631 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. | ||||