Total
1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10062 | 1 Galaxyproject | 1 Galaxy | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451. | |||||
| CVE-2015-10027 | 1 Ttrrs-auth-ldap Project | 1 Ttrrs-auth-ldap | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-7952 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | |||||
| CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 8 Bsd Mailx, Debian Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | |||||
| CVE-2014-7236 | 1 Twiki | 1 Twiki | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | |||||
| CVE-2014-5287 | 1 Kemptechnologies | 1 Loadmaster | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | |||||
| CVE-2014-5086 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider. | |||||
| CVE-2014-5085 | 1 Sphider-plus | 1 Sphider-plus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | |||||
| CVE-2014-5084 | 1 Sphiderpro | 1 Sphider Pro | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus. | |||||
| CVE-2014-5083 | 1 Sphider | 1 Sphider | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | |||||
| CVE-2014-4967 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
| CVE-2014-4966 | 1 Redhat | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |||||
| CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
| CVE-2014-4172 | 3 Apereo, Debian, Fedoraproject | 5 .net Cas Client, Java Cas Client, Phpcas and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | |||||
| CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | |||||
| CVE-2014-2294 | 1 Openwebanalytics | 1 Open Web Analytics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | |||||
| CVE-2014-10394 | 1 Saschart | 1 Rich Counter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | |||||
| CVE-2014-10391 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | |||||
| CVE-2014-10386 | 1 3cx | 1 Live Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. | |||||
| CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | |||||