Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.
Max CVSS
4.3
EPSS Score
0.11%
Published
2014-02-27
Updated
2014-02-28
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
Max CVSS
6.3
EPSS Score
0.26%
Published
2014-02-26
Updated
2018-10-09
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.
Max CVSS
6.8
EPSS Score
0.10%
Published
2014-02-27
Updated
2014-02-28
Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.
Max CVSS
4.0
EPSS Score
0.10%
Published
2014-02-27
Updated
2015-07-29
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-26
Updated
2014-03-11
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-26
Updated
2014-03-11
Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-26
Updated
2014-03-11
Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-26
Updated
2014-03-11
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2014-02-27
Updated
2014-02-27
arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.
Max CVSS
4.9
EPSS Score
0.04%
Published
2014-02-28
Updated
2023-02-13
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-02-28
Updated
2023-02-13
Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-02-27
Updated
2018-10-09
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
Max CVSS
5.0
EPSS Score
0.31%
Published
2014-02-18
Updated
2014-03-08
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
Max CVSS
4.9
EPSS Score
0.09%
Published
2014-02-18
Updated
2019-09-27
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-02-17
Updated
2016-10-04
Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-02-27
Updated
2015-07-30
The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS
5.8
EPSS Score
0.06%
Published
2014-02-27
Updated
2014-02-27
The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets.
Max CVSS
7.8
EPSS Score
0.22%
Published
2014-02-24
Updated
2022-02-01
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-02-14
Updated
2018-12-10
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-02-14
Updated
2018-12-10
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.
Max CVSS
5.0
EPSS Score
1.21%
Published
2014-02-14
Updated
2018-12-10
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
Max CVSS
5.0
EPSS Score
0.25%
Published
2014-02-14
Updated
2018-12-10
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.37%
Published
2014-02-14
Updated
2018-12-10
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.43%
Published
2014-02-14
Updated
2018-12-10
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-02-14
Updated
2014-12-12
431 vulnerabilities found