CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-8766 Exec Code Sql 2014-10-14 2014-10-14
0.0
None ??? ??? ??? ??? ??? ???
Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.
2 CVE-2014-8765 XSS 2014-10-14 2014-10-14
0.0
None ??? ??? ??? ??? ??? ???
Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to the PIFR_Server test results page or (2) remote authenticated users with the "manage PIFR environments" permission to inject arbitrary web script or HTML via vectors involving a PIFR_Server administrative page.
3 CVE-2014-8756 Exec Code 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.
4 CVE-2014-8755 Exec Code 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."
5 CVE-2014-8750 2014-10-15 2014-10-15
0.0
None ??? ??? ??? ??? ??? ???
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
6 CVE-2014-8320 XSS 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" field to the results configuration page.
7 CVE-2014-8319 XSS 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title.
8 CVE-2014-8318 XSS 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key.
9 CVE-2014-8317 XSS 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text.
10 CVE-2014-8316 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.
11 CVE-2014-8315 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.
12 CVE-2014-8314 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the democontent.
13 CVE-2014-8313 Exec Code 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
14 CVE-2014-8312 +Info 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
15 CVE-2014-8311 +Info 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
16 CVE-2014-8310 DoS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
17 CVE-2014-8309 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
18 CVE-2014-8308 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19 CVE-2014-8307 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php.
20 CVE-2014-8306 Exec Code Sql 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
21 CVE-2014-8305 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.
22 CVE-2014-8304 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php.
23 CVE-2014-8303 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing.
24 CVE-2014-8302 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.
25 CVE-2014-8301 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header.
26 CVE-2014-8296 XSS 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
27 CVE-2014-8295 1 Exec Code Sql 2014-10-15 2014-10-15
0.0
None ??? ??? ??? ??? ??? ???
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
28 CVE-2014-8294 Exec Code Sql 2014-10-15 2014-10-15
0.0
None ??? ??? ??? ??? ??? ???
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.
29 CVE-2014-8293 XSS 2014-10-15 2014-10-15
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php.
30 CVE-2014-8240 DoS Exec Code Overflow 2014-10-16 2014-10-16
0.0
None ??? ??? ??? ??? ??? ???
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
31 CVE-2014-8074 Exec Code Overflow 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables.
32 CVE-2014-8070 2014-10-14 2014-10-14
0.0
None ??? ??? ??? ??? ??? ???
Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout.
33 CVE-2014-8069 XSS 2014-10-14 2014-10-14
0.0
None ??? ??? ??? ??? ??? ???
Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php.
34 CVE-2014-7960 Bypass 2014-10-17 2014-10-17
0.0
None ??? ??? ??? ??? ??? ???
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
35 CVE-2014-7874 CSRF 2014-10-18 2014-10-18
0.0
None ??? ??? ??? ??? ??? ???
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
36 CVE-2014-7483 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
37 CVE-2014-7481 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
38 CVE-2014-7478 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
39 CVE-2014-7476 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
40 CVE-2014-7475 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
41 CVE-2014-7472 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
42 CVE-2014-7471 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
43 CVE-2014-7470 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
44 CVE-2014-7469 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The Best Beginning (aka com.bbbeta) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
45 CVE-2014-7468 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
46 CVE-2014-7467 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
47 CVE-2014-7466 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
48 CVE-2014-7465 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
49 CVE-2014-7464 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
50 CVE-2014-7463 +Info 2014-10-19 2014-10-19
0.0
None ??? ??? ??? ??? ??? ???
The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Total number of vulnerabilities: 773. Page 1 (this page) of 16.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.