Search

Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8376 1 Site Banner Project 1 Site Banner 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web script or HTML via vectors related to context settings.
CVE-2014-8377 1 Webasyst 1 Shop-script 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.
CVE-2014-8378 1 Tablefield Project 1 Tablefield 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to the field help text in an entity edit form.
CVE-2014-8379 1 Marketo Ma Project 1 Marketo Ma 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules.
CVE-2014-8380 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.
CVE-2014-8381 1 Megapolis 1 Megapolis.portal Manager 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.
CVE-2014-8383 1 Infocus 2 In3128hd, In3128hd Firmware 2025-04-12 N/A
The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html.
CVE-2014-8384 1 Infocus 2 In3128hd, In3128hd Firmware 2025-04-12 N/A
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request.
CVE-2014-8385 1 Advantech 6 Eki-1200 Gateway Series Firmware, Eki-1221, Eki-1221d and 3 more 2025-04-12 N/A
Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-8386 1 Advantech 1 Adamview 2025-04-12 N/A
Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.
CVE-2014-8388 1 Advantech 1 Webaccess 2025-04-12 N/A
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
CVE-2014-8390 1 Schneider-electric 1 Vampset 2025-04-12 N/A
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.
CVE-2014-8391 1 Sendio 1 Sendio 2025-04-12 N/A
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
CVE-2014-8394 1 Corel 1 Corelcad 2025-04-12 N/A
Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.
CVE-2014-8387 1 Advantech 2 Eki-6340, Eki-6340 Firmware 2025-04-12 N/A
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
CVE-2014-8395 1 Corel 1 Painter 2025-04-12 N/A
Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed.
CVE-2014-8396 1 Corel 1 Pdf Fusion 2025-04-12 N/A
Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.
CVE-2014-8397 1 Corel 2 Fastflick, Videostudio Pro 2025-04-12 N/A
Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.
CVE-2014-8398 1 Corel 1 Fastflick 2025-04-12 N/A
Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed.
CVE-2014-8399 1 Shim Project 1 Shim 2025-04-12 N/A
The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.