Latest CVE Feed
- 9.0 HIGH CVE-2014-2723
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ...
- Published: Mar. 19, 2020
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2014-2722
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ...
- Published: Mar. 19, 2020
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2014-2721
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and ...
- Published: Mar. 19, 2020
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2014-2686
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
- Affected Products: ansible
- Published: Jan. 09, 2020
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2014-2680
The update process in Xmind 3.4.1 and earlier allows remote attackers to execute arbitrary code via a man-in-the-middle attack.
- Affected Products: xmind
- Published: Jan. 21, 2020
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2014-2675
Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-s...
- Affected Products: wp-html-sitemap
- Published: Mar. 19, 2018
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2014-2674
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
- Affected Products: ajax-pagination
- Published: Mar. 19, 2018
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-2652
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- Affected Products: openscape_deployment_service
- Published: Mar. 19, 2018
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2014-2651
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface...
- Published: Jan. 09, 2020
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2014-2650
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface...
- Published: Jan. 09, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-2595
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
- Affected Products: web_application_firewall
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-2592
Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
- Affected Products: web_management_portal
- Published: Mar. 09, 2018
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2014-2581
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.
- Published: Jan. 28, 2020
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2014-2560
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
- Affected Products: phonerlite
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2014-2552
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
- Affected Products: collected_information_export
- Published: Apr. 27, 2018
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2014-2550
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settin...
- Affected Products: disable_comments_project
- Published: Mar. 19, 2018
- Modified: Nov. 21, 2024
- 4.6 MEDIUM
- Published: Dec. 13, 2019
- Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2014-2359
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.
- Published: Apr. 06, 2018
- Modified: Nov. 21, 2024
- 6.6 MEDIUM CVE-2014-2312
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
- Affected Products: thermald
- Published: Mar. 26, 2018
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2014-2304
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed...
- Affected Products: open_sdn_controller
- Published: Oct. 23, 2019
- Modified: Nov. 21, 2024