Export limit exceeded: 363304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363304 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-100003 | 1 Yourmembers Project | 1 Yourmembers | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. | ||||
| CVE-2014-100004 | 1 Sitecore | 1 Cms | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-100012 | 1 Sendy | 1 Sendy | 2025-04-12 | N/A |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | ||||
| CVE-2014-100006 | 1 Webtrees | 1 Webtrees | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) map, (2) streetview, or (3) reset parameter. | ||||
| CVE-2014-100007 | 1 Hk Exif Tags Project | 1 Hk Exif Tags | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-100008 | 1 Joomlaskin | 1 Js Multi Hotel | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. | ||||
| CVE-2014-100009 | 1 Joomlaskin | 1 Js Multi Hotel | 2025-04-12 | N/A |
| The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/. | ||||
| CVE-2014-10001 | 1 Phpjabbers | 1 Appointment Scheduler | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. | ||||
| CVE-2014-100010 | 1 Csphere | 1 Clansphere | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. | ||||
| CVE-2014-100011 | 1 Sendy | 1 Sendy | 2025-04-12 | N/A |
| SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||||
| CVE-2014-100013 | 1 Clientresponse Project | 1 Clientresponse | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. | ||||
| CVE-2014-100014 | 1 Solidworks | 1 Product Data Management | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. | ||||
| CVE-2014-100015 | 1 Solidworks | 1 Product Data Management | 2025-04-12 | N/A |
| Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | ||||
| CVE-2014-100016 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. | ||||
| CVE-2014-100017 | 1 Phponlinechat | 1 Phponlinechat | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. | ||||
| CVE-2014-100019 | 1 Pomm-project | 1 Pomm | 2025-04-12 | N/A |
| SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2025-04-12 | N/A |
| Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2025-04-12 | N/A |
| SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | ||||
| CVE-2014-100021 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. | ||||
| CVE-2014-100022 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2025-04-12 | N/A |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. | ||||