Search

Search Results (363690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5190 1 Si Captcha Anti-spam Project 1 Si Captcha Anti-spam 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2014-5191 1 Ckeditor 1 Ckeditor 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5192 1 Sphider 1 Sphider 2025-04-12 N/A
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
CVE-2014-5193 1 Sphider 1 Sphider 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
CVE-2014-5194 1 Sphider 1 Sphider 2025-04-12 N/A
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
CVE-2014-5195 2 Ayatana Project, Canonical 2 Unity, Ubuntu Linux 2025-04-12 N/A
Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.
CVE-2014-5196 1 Improved User Search In Backend Project 1 Improved User Search In Backend 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that insert XSS sequences via the iusib_meta_fields parameter.
CVE-2014-5197 1 Splunk 1 Splunk 2025-04-12 N/A
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
CVE-2014-5198 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
CVE-2014-5199 1 Wordpress File Upload Project 1 Wordpress File Upload 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2014-5200 1 Fb Gorilla Project 1 Fb Gorilla 2025-04-12 N/A
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2014-5201 1 Gallery Objects Project 1 Gallery Objects 2025-04-12 N/A
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
CVE-2014-5202 1 Compfight Project 1 Compfight 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.
CVE-2014-5203 1 Wordpress 1 Wordpress 2025-04-12 N/A
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
CVE-2014-5204 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
CVE-2014-5205 1 Wordpress 1 Wordpress 2025-04-12 N/A
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
CVE-2014-5206 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 N/A
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.
CVE-2014-5207 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 N/A
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
CVE-2014-5210 1 Alienvault 1 Open Source Security Information Management 2025-04-12 N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
CVE-2014-5211 1 Attachmate 1 Reflection Ftp Client 2025-04-12 N/A
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.