Export limit exceeded: 363761 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363761 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4907 2 Op5, Pnp4nagios 2 Monitor, Pnp4nagios 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
CVE-2014-4908 1 Pnp4nagios 1 Pnp4nagios 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element.
CVE-2014-4909 4 Canonical, Fedoraproject, Gentoo and 1 more 4 Ubuntu Linux, Fedora, Linux and 1 more 2025-04-12 N/A
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
CVE-2014-4910 1 X 1 Xf86-video-intel 2025-04-12 N/A
Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.
CVE-2014-4911 2 Debian, Polarssl 2 Debian Linux, Polarssl 2025-04-12 N/A
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.
CVE-2014-4927 3 Acme, Dlink, Netgear 5 Micro Httpd, Dsl2740u, Dsl2750u and 2 more 2025-04-12 N/A
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
CVE-2014-4929 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
CVE-2014-4930 1 Zohocorp 1 Manageengine Eventlog Analyzer 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072.
CVE-2014-4936 1 Malwarebytes 2 Malwarebytes Anti-exploit, Malwarebytes Anti-malware 2025-04-12 N/A
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
CVE-2014-4937 1 Bookx Plugin Project 1 Bookx 2025-04-12 N/A
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-4938 1 Wp Rss Poster Plugin Project 1 Wp-rss-poster 2025-04-12 N/A
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
CVE-2014-4939 1 Enl Newsletter Plugin Project 1 Enl-newsletter 2025-04-12 N/A
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
CVE-2014-4940 1 Tera Charts Plugin Project 1 Tera-charts 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
CVE-2014-4941 1 Cross-rss Plugin Project 1 Wp-cross-rss 2025-04-12 N/A
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
CVE-2014-4942 1 Levelfourdevelopment 1 Wp-easycart 2025-04-12 N/A
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
CVE-2014-4943 5 Debian, Linux, Opensuse and 2 more 9 Debian Linux, Linux Kernel, Opensuse and 6 more 2025-04-12 N/A
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
CVE-2014-4944 1 Bannersky 1 Bsk Pdf Manager 2025-04-12 N/A
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
CVE-2014-4945 1 Horde 2 Groupware, Internet Mail Program 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.
CVE-2014-4946 1 Horde 2 Groupware, Internet Mail Program 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.
CVE-2014-4947 1 Citrix 1 Xenserver 2025-04-12 N/A
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.