Search

Search Results (363807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5320 1 Bump Project 1 Bump 2025-04-12 N/A
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.
CVE-2014-5321 1 Filemaker 2 Filemaker Pro, Filemaker Pro Advanced 2025-04-12 N/A
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.
CVE-2014-5322 1 Filemaker 2 Filemaker Pro, Filemaker Pro Advanced 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.
CVE-2014-5323 1 Yukoyuko 1 Yuko Yuko 2025-04-12 N/A
The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application 1.0.5 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5324 1 Najeebmedia 1 N-media File Uploader 2025-04-12 N/A
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
CVE-2014-5325 1 Directwebremoting 1 Direct Web Remoting 2025-04-12 N/A
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-5326 1 Directwebremoting 1 Direct Web Remoting 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5327 1 Huawei 2 E5332, E5332 Firmware 2025-04-12 N/A
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI.
CVE-2014-5328 1 Huawei 2 E5332, E5332 Firmware 2025-04-12 N/A
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message.
CVE-2014-5330 1 Birdblog 1 Birdblog 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5331 1 Aptana 1 Aflax 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5332 1 Linux 1 Linux Kernel 2025-04-12 N/A
Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.
CVE-2014-5333 6 Adobe, Apple, Google and 3 more 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671.
CVE-2014-5335 1 Innovaphone 1 Innovaphone Pbx 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.
CVE-2014-5336 1 Monkey-project 1 Monkey 2025-04-12 N/A
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.
CVE-2014-5337 2 Wordpress Mobile Pack Project, Wpmobilepack 2 Wordpress Mobile Pack, Wordpress Mobile Pack 2025-04-12 N/A
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.
CVE-2014-5338 2 Check Mk Project, Redhat 2 Check Mk, Storage 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
CVE-2014-5339 2 Check Mk Project, Redhat 2 Check Mk, Storage 2025-04-12 N/A
Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.
CVE-2014-5340 2 Check Mk Project, Redhat 2 Check Mk, Storage 2025-04-12 N/A
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.
CVE-2014-5341 1 Owncloud 1 Owncloud 2025-04-12 N/A
The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network.