SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
Max CVSS: 6.0 | EPSS Score: 0.65% | Published: 2014-07-31 | Updated: 2018-10-09
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
Max CVSS: 7.5 | EPSS Score: 1.71% | Published: 2014-07-31 | Updated: 2017-08-29
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
Max CVSS: 7.5 | EPSS Score: 0.31% | Published: 2014-07-29 | Updated: 2014-07-30
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
Max CVSS: 7.5 | EPSS Score: 0.58% | Published: 2014-07-28 | Updated: 2022-04-18
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2014-07-28 | Updated: 2023-01-31
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2014-07-28 | Updated: 2014-07-29
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.
Max CVSS: 7.5 | EPSS Score: 0.21% | Published: 2014-07-25 | Updated: 2015-10-06
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
Max CVSS: 6.8 | EPSS Score: 0.84% | Published: 2014-07-25 | Updated: 2017-08-29
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
Max CVSS: 6.8 | EPSS Score: 0.32% | Published: 2014-07-22 | Updated: 2014-07-22
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.
Max CVSS: 7.5 | EPSS Score: 0.12% | Published: 2014-07-21 | Updated: 2014-07-22
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
Max CVSS: 9.3 | EPSS Score: 35.22% | Published: 2014-07-26 | Updated: 2017-01-07
CVE-2014-4977 (Public exploit)
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
Max CVSS: 6.5 | EPSS Score: 96.00% | Published: 2014-07-16 | Updated: 2018-03-12
CVE-2014-4971 (Public exploit)
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
Max CVSS: 7.2 | EPSS Score: 0.08% | Published: 2014-07-26 | Updated: 2018-10-12
Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings, or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop configuration, or (4) product details, as demonstrated by (5) modifying a product's price via a crafted request to central/catalog/saveproduct.action or (6) creating a product review via a crafted request to shop/product/createReview.action.
Max CVSS: 6.8 | EPSS Score: 0.16% | Published: 2014-07-15 | Updated: 2018-10-09
Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action.
Max CVSS: 6.8 | EPSS Score: 0.42% | Published: 2014-07-15 | Updated: 2018-10-09
Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.
Max CVSS: 6.4 | EPSS Score: 0.32% | Published: 2014-07-15 | Updated: 2018-10-09
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2014-07-21 | Updated: 2015-10-06
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
Max CVSS: 6.4 | EPSS Score: 0.43% | Published: 2014-07-22 | Updated: 2017-08-29
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.66% | Published: 2014-07-22 | Updated: 2017-08-29
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
Max CVSS: 6.5 | EPSS Score: 0.10% | Published: 2014-07-14 | Updated: 2014-07-14
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
Max CVSS: 6.9 | EPSS Score: 0.04% | Published: 2014-07-19 | Updated: 2024-01-19
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2014-07-11 | Updated: 2014-07-14
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
Max CVSS: 7.5 | EPSS Score: 0.12% | Published: 2014-07-11 | Updated: 2014-07-14
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers, allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
Max CVSS: 7.8 | EPSS Score: 77.37% | Published: 2014-07-24 | Updated: 2023-04-26
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Max CVSS: 6.8 | EPSS Score: 4.00% | Published: 2014-07-29 | Updated: 2014-11-14
236 vulnerabilities found