| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. |
| The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. |
| Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. |
| Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. |
| Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. |
| The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. |
| Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php |
| Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus." |
| Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. |
| Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. |
| centurystar 7.12 ActiveX Control has a Stack Buffer Overflow |
| Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input |
| A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. |
| In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1. |
| Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier. |
