Export limit exceeded: 364866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9346 1 Hierarchical Select Project 1 Hierarchical Select 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonomy term title for instances with Save term lineage enabled or (2) entity type fields.
CVE-2014-9347 1 Phpmyrecipes Project 1 Phpmyrecipes 2025-04-12 N/A
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
CVE-2014-9348 1 Robotstats 1 Robotstats 2025-04-12 N/A
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
CVE-2014-9349 1 Robotstats 1 Robotstats 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.
CVE-2014-9350 1 Tp-link 2 Tl-wr740n, Tl-wr740n Firmware 2025-04-12 N/A
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.
CVE-2014-9351 1 Teeworlds 1 Teeworlds 2025-04-12 N/A
engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors.
CVE-2014-9352 1 Scalix 1 Web Access 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9353 1 Netapp 1 Oncommand Balance 2025-04-12 N/A
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
CVE-2014-9354 1 Netapp 1 Oncommand Balance 2025-04-12 N/A
NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.
CVE-2014-9355 1 Puppet 1 Puppet Enterprise 2025-04-12 N/A
Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
CVE-2014-9357 2 Docker, Redhat 2 Docker, Rhel Extras Other 2025-04-12 N/A
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
CVE-2014-9358 2 Docker, Redhat 2 Docker, Rhel Extras Other 2025-04-12 N/A
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
CVE-2014-9360 1 Scalix 1 Web Access 2025-04-12 N/A
XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request.
CVE-2014-9361 1 Logintoboggan Project 1 Logintoboggan 2025-04-12 N/A
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page.
CVE-2014-9362 1 Meta Tags Quick Project 1 Meta Tags Quick 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a Path-based Metatag.
CVE-2014-9363 1 Meta Tags Quick Project 1 Meta Tags Quick 2025-04-12 N/A
Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.
CVE-2014-9364 1 Logintoboggan Project 1 Logintoboggan 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9365 3 Apple, Python, Redhat 4 Mac Os X, Python, Enterprise Linux and 1 more 2025-04-12 N/A
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-9418 1 Huawei 1 Espace Desktop 2025-04-12 N/A
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
CVE-2014-9367 1 Twiki 1 Twiki 2025-04-12 N/A
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.