Export limit exceeded: 363315 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-100031 1 Ismail Fahmi 1 Ganesha Digital Library 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
CVE-2014-100032 1 Airties 1 Air 6372 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter.
CVE-2014-100033 1 Licensepal 1 Arcticdesk 2025-04-12 N/A
Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-100034 1 Licensepal 1 Arcticdesk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-100035 1 Licensepal 1 Arcticdesk 2025-04-12 N/A
SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-100036 1 Flatpress 1 Flatpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.
CVE-2014-100037 1 Storytlr 1 Storytlr 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/.
CVE-2014-100038 1 Storytlr 1 Storytlr 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/.
CVE-2014-100039 1 Malwarebytes 1 Malwarebytes Anti-exploit 2025-04-12 N/A
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.
CVE-2014-10004 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2014-10005 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.
CVE-2014-10006 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.
CVE-2014-10007 1 Maianscriptworld 1 Maian Weblog 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php.
CVE-2014-10008 1 Iwcn 1 Stark Crm 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.
CVE-2014-10009 1 Iwcn 1 Stark Crm 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
CVE-2014-10010 1 Phpjabbers 1 Appointment Scheduler 2025-04-12 N/A
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
CVE-2014-10011 1 Trendnet 2 Tv-ip422w, Tv-ip422wn 2025-04-12 N/A
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
CVE-2014-10012 1 Strategy11 1 Awp Classifieds 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.
CVE-2014-10013 1 Strategy11 1 Awp Classifieds 2025-04-12 N/A
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
CVE-2014-10014 1 Phpjabbers 1 Event Booking Calendar 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller.