Search Results (26989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9753 1 Atutor 1 Atutor 2024-11-21 9.8 Critical
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.
CVE-2014-9614 1 Netsweeper 1 Netsweeper 2024-11-21 9.8 Critical
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
CVE-2014-9613 1 Netsweeper 1 Netsweeper 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
CVE-2014-9612 1 Netsweeper 1 Netsweeper 2024-11-21 9.8 Critical
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
CVE-2014-9530 1 Nwjs 1 Nw 2024-11-21 9.8 Critical
A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.
CVE-2014-9390 6 Apple, Eclipse, Git-scm and 3 more 8 Mac Os X, Xcode, Egit and 5 more 2024-11-21 9.8 Critical
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
CVE-2014-9320 1 Sap 1 Businessobjects Edge 2024-11-21 9.8 Critical
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
CVE-2014-8945 1 Piwigo 1 Lexiglot 2024-11-21 9.8 Critical
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
CVE-2014-8941 1 Piwigo 1 Lexiglot 2024-11-21 9.8 Critical
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
CVE-2014-8741 1 Lexmark 1 Markvision Enterprise 2024-11-21 9.8 Critical
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2014-8739 2 Creative-solutions, Jquery File Upload Project 2 Creative Contact Form, Jquery File Upload 2024-11-21 9.8 Critical
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
CVE-2014-8673 1 Soplanning 1 Soplanning 2024-11-21 9.8 Critical
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
CVE-2014-8650 2 Debian, Requests-kerberos Project 2 Debian Linux, Requests-kerberos 2024-11-21 9.8 Critical
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-8563 1 Synacor 1 Zimbra Collaboration Server 2024-11-21 9.8 Critical
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.
CVE-2014-8516 1 Cloudfastpath 1 Netcharts Server 2024-11-21 9.8 Critical
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVE-2014-8337 1 Helpdezk 1 Helpdezk 2024-11-21 9.8 Critical
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVE-2014-8322 1 Aircrack-ng 1 Aircrack-ng 2024-11-21 9.8 Critical
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.
CVE-2014-8164 1 Redhat 1 Cloudforms Management Engine 2024-11-21 9.1 Critical
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.
CVE-2014-8089 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2024-11-21 9.8 Critical
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
CVE-2014-7257 1 Dbd\ 1 \ 2024-11-21 9.8 Critical
SQL injection vulnerability in DBD::PgPP 0.05 and earlier