Total: 1501 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-5287 | 1 Kemptechnologies | 1 Loadmaster | 2024-11-21 | 8.8 High |
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | ||||
CVE-2014-5086 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2024-11-21 | 8.8 High |
A Command Execution vulnerability exists in Sphider Pro and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but do not exist in Sphider. | ||||
CVE-2014-5085 | 1 Sphider-plus | 1 Sphider-plus | 2024-11-21 | 8.8 High |
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | ||||
CVE-2014-5084 | 1 Sphiderpro | 1 Sphider Pro | 2024-11-21 | 8.8 High |
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus. | ||||
CVE-2014-5083 | 1 Sphider | 1 Sphider | 2024-11-21 | 8.8 High |
A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | ||||
CVE-2014-4967 | 1 Redhat | 1 Ansible | 2024-11-21 | 9.8 Critical |
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | ||||
CVE-2014-4966 | 1 Redhat | 1 Ansible | 2024-11-21 | 9.8 Critical |
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | ||||
CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 9.8 Critical |
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | ||||
CVE-2014-4172 | 4 Apereo, Debian, Fedoraproject and 1 more | 6 .net Cas Client, Java Cas Client, Phpcas and 3 more | 2024-11-21 | 9.8 Critical |
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | ||||
CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data. | ||||
CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | N/A |
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | ||||
CVE-2014-10394 | 1 Saschart | 1 Rich Counter | 2024-11-21 | N/A |
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | ||||
CVE-2014-10391 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | ||||
CVE-2014-10386 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | ||||
CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2024-11-21 | 9.8 Critical |
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, the raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | ||||
CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2024-11-21 | 9.8 Critical |
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | ||||
CVE-2013-7380 | 1 Ep Imageconvert Project | 1 Ep Imageconvert | 2024-11-21 | 9.8 Critical |
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability. | ||||
CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2024-11-21 | 9.8 Critical |
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | ||||
CVE-2013-7324 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 5.3 Medium |
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious JavaScript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. | ||||
CVE-2013-7070 | 1 Fibranet | 1 Monitorix | 2024-11-21 | 9.8 Critical |
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. |