Search

Search Results (364837 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8350 1 Smarty 1 Smarty 2025-04-12 N/A
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
CVE-2014-8351 1 French National Commission On Informatics And Liberty 1 Cookieviz 2025-04-12 N/A
SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter.
CVE-2014-8352 1 French National Commission On Informatics And Liberty 1 Cookieviz 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via the max_date parameter.
CVE-2014-8359 1 Huawei 4 Ec156, Ec176, Ec177 and 1 more 2025-04-12 N/A
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
CVE-2014-8368 1 Arubanetworks 1 Airwave 2025-04-12 N/A
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
CVE-2014-8360 1 Glpi-project 1 Glpi 2025-04-12 N/A
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.
CVE-2014-8363 1 Wordpress Spreadsheet Project 1 Wordpress Spreadsheet 2025-04-12 N/A
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
CVE-2014-8364 1 Tim Rohrer 1 Wordpress Spreadsheet Plugin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.
CVE-2014-8365 1 Xornic 1 Contact Us 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable.
CVE-2014-8366 1 Os4ed 1 Opensis 2025-04-12 N/A
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php.
CVE-2014-8367 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8369 5 Debian, Linux, Opensuse and 2 more 6 Debian Linux, Linux Kernel, Evergreen and 3 more 2025-04-12 7.8 High
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.
CVE-2014-8370 1 Vmware 4 Esxi, Fusion, Player and 1 more 2025-04-12 N/A
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.
CVE-2014-8371 1 Vmware 1 Vcenter Server Appliance 2025-04-12 N/A
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.
CVE-2014-8372 1 Vmware 1 Airwatch 2025-04-12 N/A
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference.
CVE-2014-8373 1 Vmware 1 Vcloud Automation Center 2025-04-12 N/A
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.
CVE-2014-8375 1 Gb-plugins 1 Gb Gallery Slideshow 2025-04-12 N/A
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
CVE-2014-8376 1 Site Banner Project 1 Site Banner 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.
CVE-2014-8377 1 Webasyst 1 Shop-script 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.
CVE-2014-8378 1 Tablefield Project 1 Tablefield 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form.