Search

Search Results (363318 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-10031 1 Qualcomm 1 Eudora Worldmail 2025-04-12 N/A
Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.
CVE-2014-10032 1 Scriptbrasil 1 Taboada Macronews 2025-04-12 N/A
SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2014-10033 1 Oscommerce 1 Online Merchant 2025-04-12 N/A
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
CVE-2014-10034 1 Couponphp 1 Couponphp 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
CVE-2014-10035 1 Couponphp 1 Couponphp 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php.
CVE-2014-10036 1 Jetbrains 1 Teamcity 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
CVE-2014-10037 1 Domphp 1 Domphp 2025-04-12 N/A
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
CVE-2014-10038 1 Domphp 1 Domphp 2025-04-12 N/A
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
CVE-2014-2639 1 Hp 1 Mpio Device Specific Module Manager 2025-04-12 N/A
Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.
CVE-2014-1216 1 Fitnesse 1 Fitnesse Wiki 2025-04-12 N/A
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
CVE-2014-1217 1 Livetecs 1 Timeline 2025-04-12 N/A
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
CVE-2014-1222 1 Vtiger 1 Vtiger Crm 2025-04-12 N/A
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
CVE-2014-1223 1 Telligent 1 Evolution 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
CVE-2014-1224 1 Rexx-systems 1 Recruitment 2025-04-12 N/A
Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg.
CVE-2014-1247 1 Apple 1 Quicktime 2025-04-12 N/A
Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.
CVE-2014-1243 1 Apple 1 Quicktime 2025-04-12 N/A
Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.
CVE-2014-1244 1 Apple 1 Quicktime 2025-04-12 N/A
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
CVE-2014-1245 1 Apple 1 Quicktime 2025-04-12 N/A
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.
CVE-2014-1246 1 Apple 1 Quicktime 2025-04-12 N/A
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
CVE-2014-1248 1 Apple 1 Quicktime 2025-04-12 N/A
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.