Search

Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5284 1 Ossec 1 Ossec 2025-04-12 N/A
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
CVE-2014-5285 1 Tibco 1 Spotfire Server 2025-04-12 N/A
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors.
CVE-2014-5286 1 Tibco 3 Activematrix Management Agent, Activematrix Policy Agent, Activematrix Policy Manager 2025-04-12 N/A
The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors.
CVE-2014-5297 1 X2engine 1 X2engine 2025-04-12 N/A
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.
CVE-2014-5298 1 X2engine 1 X2engine 2025-04-12 N/A
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.
CVE-2014-5300 1 Adaptivecomputing 1 Moab 2025-04-12 N/A
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.
CVE-2014-5307 1 Pandasecurity 3 Panda Av Pro 2014, Panda Global Protection 2014, Panda Internet Security 2014 2025-04-12 N/A
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
CVE-2014-5308 1 Testlink 1 Testlink 2025-04-12 N/A
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
CVE-2014-5313 1 Sixapart 1 Movabletype 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5314 1 Cybozu 3 Dezie, Mailwise, Office 2025-04-12 N/A
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
CVE-2014-5315 1 Adobe 2 Acrobat, Coldfusion 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5317 1 Php365 4 365 Links, 365 Links2, 365 Links\+ and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5318 1 Jig 1 Jigbrowser\+ 2025-04-12 N/A
The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
CVE-2014-5319 1 S-link 1 Slfilemanager 2025-04-12 N/A
Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors.
CVE-2014-5320 1 Bump Project 1 Bump 2025-04-12 N/A
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.
CVE-2014-5321 1 Filemaker 2 Filemaker Pro, Filemaker Pro Advanced 2025-04-12 N/A
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319.
CVE-2014-5322 1 Filemaker 2 Filemaker Pro, Filemaker Pro Advanced 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-3640.
CVE-2014-5323 1 Yukoyuko 1 Yuko Yuko 2025-04-12 N/A
The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application 1.0.5 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5324 1 Najeebmedia 1 N-media File Uploader 2025-04-12 N/A
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
CVE-2014-5325 1 Directwebremoting 1 Direct Web Remoting 2025-04-12 N/A
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.