Export limit exceeded: 363856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363856 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5464 1 Ntop 1 Ntopng 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
CVE-2014-5465 1 Werdswords 1 Download Shortcode 2025-04-12 N/A
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-5466 1 Splunk 1 Splunk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5471 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux, Enterprise Mrg and 3 more 2025-04-12 N/A
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
CVE-2014-5472 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux, Enterprise Mrg and 3 more 2025-04-12 N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
CVE-2014-5501 1 Cyberoam 1 Cyberoam Os 2025-04-12 N/A
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.
CVE-2014-5502 1 Cyberoam 1 Cyberoam Os 2025-04-12 N/A
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.
CVE-2014-5503 1 Cyberoam 1 Cyberoam Os 2025-04-12 N/A
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.
CVE-2014-5504 1 Solarwinds 1 Log And Event Manager 2025-04-12 N/A
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
CVE-2014-5505 1 Sap 1 Crystal Reports 2025-04-12 N/A
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
CVE-2014-5506 1 Sap 1 Crystal Reports 2025-04-12 N/A
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
CVE-2014-5507 1 Pro Softnet Corporation 1 Ibackup 2025-04-12 N/A
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
CVE-2014-5508 1 Srvx 1 Srvx 2025-04-12 N/A
Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other interval configurations.
CVE-2014-5519 1 Phpwiki Project 1 Phpwiki 2025-04-12 N/A
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
CVE-2014-5520 1 Xrms Crm Project 1 Xrms Crm 2025-04-12 N/A
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
CVE-2014-5521 1 Xrms Crm Project 1 Xrms Crm 2025-04-12 N/A
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
CVE-2014-5524 1 Adcolony 1 Adcolony Library 2025-04-12 N/A
The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5525 1 Playscape 1 Mominis Library 2025-04-12 N/A
The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5526 1 Inmobi 1 Inmobi 2025-04-12 N/A
The Inmobi library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5527 1 Tapjoy 1 Tapjoy Library 2025-04-12 N/A
The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.