Latest CVE Feed
-
7.5
HIGH CVE-2014-9345
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi.
Affected Products : advertise_with_pleasure\!
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-9344
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/.
Affected Products : snowfox_content_management_system
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
5.8
MEDIUM CVE-2014-9343
Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/...
Affected Products : snowfox_content_management_system
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.5
MEDIUM CVE-2014-9305
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_produc...
Affected Products : cart66_lite
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
7.5
HIGH CVE-2014-9280
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.
Affected Products : mantisbt
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-9279
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to th...
Affected Products : mantisbt
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
4.6
MEDIUM CVE-2014-9273
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write.
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field.
Affected Products : mantisbt
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-9268
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.
Affected Products : design_review
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-9267
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
Affected Products : isoview
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-9266
The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors.
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-9265
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
Affected Products : smartviewer
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.8
MEDIUM CVE-2014-9263
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4)...
Affected Products : 3s_pocketnet_tech_video_management_software
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-9130
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Affected Products : libyaml
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
7.5
HIGH CVE-2014-9029
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer ...
Affected Products : jasper
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
4.6
MEDIUM CVE-2014-8106
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-...
Affected Products : qemu
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
6.5
MEDIUM CVE-2014-5462
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, o...
Affected Products : openemr
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-9342
Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy gen...
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUM CVE-2014-9219
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Affected Products : phpmyadmin
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025
-
5.0
MEDIUM CVE-2014-9218
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
Affected Products : phpmyadmin
- Published: Dec. 08, 2014
- Modified: Apr. 12, 2025