Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4847 1 Buffercode 1 Random Banner 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php.
CVE-2014-4848 1 Blogstand Banner Plugin Project 1 Blogstand-smart-banner 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php.
CVE-2014-4849 1 Foecms 1 Foecms 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter.
CVE-2014-4850 1 Foecms 1 Foecms 2025-04-12 N/A
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter.
CVE-2014-4851 1 Foecms 1 Foecms 2025-04-12 N/A
Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter.
CVE-2014-4852 1 Thedigitalcraft 1 Atomcms 2025-04-12 N/A
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2014-4853 1 Opendocman 1 Opendocman 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.
CVE-2014-4854 1 Smartcatdesign 1 Wp Contruction Mode 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.
CVE-2014-4855 1 Polylang Plugin Project 1 Polylang 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.
CVE-2014-4856 1 Polldaddy Polls \& Ratings Plugin Project 1 Polldaddy Polls \& Ratings 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information.
CVE-2014-4857 1 Gurock 1 Testrail 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.
CVE-2014-4858 1 Sabreairlinesolutions 5 Crew Management, Crew Operations, Crew Planning and 2 more 2025-04-12 N/A
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
CVE-2014-4862 1 Netmaster 2 Cbw700 Software, Netmaster Cbw700n 2025-04-12 N/A
The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request.
CVE-2014-4863 1 Arris 2 Touchstone Dg950a, Touchstone Dg950a Software 2025-04-12 N/A
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.
CVE-2014-4864 1 Netgear 1 Prosafe Firmware 2025-04-12 N/A
The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.
CVE-2014-4865 1 Cacheguard 1 Cacheguardos 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-4867 1 Cryoserver 1 Cryoserver Security Appliance 2025-04-12 N/A
Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program.
CVE-2014-4868 1 Brocade 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software 2025-04-12 N/A
The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command.
CVE-2014-4869 1 Brocade 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software 2025-04-12 N/A
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.
CVE-2014-4870 1 Brocade 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software 2025-04-12 N/A
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.