Search Results (363081 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9057 2 Debian, Sixapart 2 Debian Linux, Movable Type 2025-04-12 N/A
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-9050 1 Clamav 1 Clamav 2025-04-12 N/A
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
CVE-2014-9046 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol.
CVE-2014-9045 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.
CVE-2014-9044 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.
CVE-2014-9043 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.
CVE-2014-9042 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
CVE-2014-9034 1 Wordpress 1 Wordpress 2025-04-12 N/A
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
CVE-2014-9032 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9031 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
CVE-2014-3076 1 Ibm 1 Business Process Manager 2025-04-12 N/A
IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page.
CVE-2014-3062 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2014-9005 1 Vld Interactive 1 Vldpersonals 2025-04-12 N/A
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php.
CVE-2014-9015 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
CVE-2014-8762 1 Dokuwiki 1 Dokuwiki 2025-04-12 N/A
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.
CVE-2015-1000002 1 Filedownload Project 1 Filedownload 2025-04-12 N/A
Open Proxy in filedownload v1.4 wordpress plugin
CVE-2014-9029 2 Jasper Project, Redhat 3 Jasper, Enterprise Linux, Rhev Manager 2025-04-12 N/A
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVE-2014-9030 3 Debian, Opensuse, Xen 3 Debian Linux, Opensuse, Xen 2025-04-12 N/A
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
CVE-2015-0516 1 Emc 2 Vipr Srm, Watch4net 2025-04-12 N/A
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2015-0884 2 Microsoft, Toshiba 3 Windows, Bluetooth Stack, Service Station 2025-04-12 N/A
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.