The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2014-5092 | Status2k allows Remote Command Execution in admin/options/editpl.php. | MEDIUM | Jan 10, 2020 |
CVE-2014-5091 | A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | HIGH | Feb 11, 2020 |
CVE-2014-5087 | A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. | HIGH | Feb 11, 2020 |
CVE-2014-5086 | A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider. | HIGH | Feb 13, 2020 |
CVE-2014-5085 | A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | MEDIUM | Feb 14, 2020 |
CVE-2014-5084 | A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus. | MEDIUM | Feb 14, 2020 |
CVE-2014-5083 | A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | MEDIUM | Feb 14, 2020 |
CVE-2014-5081 | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | HIGH | Jan 10, 2020 |
CVE-2014-5072 | Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | MEDIUM | Apr 6, 2018 |
CVE-2014-5071 | SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. | HIGH | Jan 8, 2018 |
CVE-2014-5070 | Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | MEDIUM | Jan 11, 2018 |
CVE-2014-5069 | Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. | MEDIUM | Jan 8, 2018 |
CVE-2014-5068 | Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\\ (dot dot forward slash) before a file name. | MEDIUM | Jan 11, 2018 |
CVE-2014-5044 | Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. | HIGH | Mar 7, 2018 |
CVE-2014-5043 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 |
CVE-2014-5039 | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Feb 5, 2020 |
CVE-2014-5034 | Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. | MEDIUM | Apr 6, 2018 |
CVE-2014-5028 | The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. | MEDIUM | Mar 29, 2018 |
CVE-2014-5014 | The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | HIGH | Apr 25, 2018 |
CVE-2014-5013 | DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | MEDIUM | Jan 13, 2020 |
CVE-2014-5012 | DOMPDF before 0.6.2 allows denial of service. | MEDIUM | Jan 13, 2020 |
CVE-2014-5011 | DOMPDF before 0.6.2 allows Information Disclosure. | MEDIUM | Jan 13, 2020 |
CVE-2014-5009 | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | High | Apr 4, 2017 |
CVE-2014-5008 | Snoopy allows remote attackers to execute arbitrary commands. | High | Apr 4, 2017 |
CVE-2014-5007 | Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter. | HIGH | Jan 17, 2020 |
CVE-2014-5004 | lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-5003 | chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer. | LOW | Jan 10, 2018 |
CVE-2014-5002 | The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. | LOW | Jan 10, 2018 |
CVE-2014-5001 | lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes. | LOW | Jan 10, 2018 |
CVE-2014-5000 | The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-4999 | vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-4998 | test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-4997 | lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-4996 | lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | LOW | Jan 10, 2018 |
CVE-2014-4995 | Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed. | LOW | Jan 10, 2018 |
CVE-2014-4994 | lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. | LOW | Jan 10, 2018 |
CVE-2014-4993 | (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-4992 | lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-4991 | (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | LOW | Jan 10, 2018 |
CVE-2014-4984 | Déjà Vu Crescendo Sales CRM has remote SQL Injection | HIGH | Jan 15, 2020 |
CVE-2014-4982 | LPAR2RRD ? 4.53 and ? 3.5 has arbitrary command injection on the application server. | HIGH | Jan 10, 2020 |
CVE-2014-4981 | LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | HIGH | Feb 20, 2020 |
CVE-2014-4978 | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | -- | Dec 29, 2017 |
CVE-2014-4972 | Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | HIGH | Jan 8, 2018 |
CVE-2014-4968 | The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. | MEDIUM | Feb 12, 2020 |
CVE-2014-4967 | Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing src= clause, (2) a trailing temp= clause, or (3) a trailing validate= clause accompanied by a shell command. | HIGH | Feb 26, 2020 |
CVE-2014-4966 | Ansible before 1.6.7 does not prevent inventory data with {{ and lookup substrings, and does not prevent remote data with {{ substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup(\'pipe\') calls or (2) crafted Jinja2 data. | HIGH | Feb 26, 2020 |
CVE-2014-4959 | **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. | HIGH | Apr 23, 2018 |
CVE-2014-4953 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 |
CVE-2014-4952 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 |