CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8251 CVE-2014-6530 2014-10-15 2018-12-18
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.
8252 CVE-2014-6529 2014-10-15 2014-11-18
6.8
None Local Network High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.
8253 CVE-2014-6518 2015-01-21 2016-12-06
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).
8254 CVE-2014-6506 2014-10-15 2015-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
8255 CVE-2014-6499 2014-10-15 2015-11-06
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector.
8256 CVE-2014-6483 2014-10-15 2015-11-06
6.0
None Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
8257 CVE-2014-6480 2015-01-21 2016-12-06
6.5
None Local Low Multiple systems Complete Complete Complete
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to System management.
8258 CVE-2014-6477 200 +Info 2014-11-23 2017-09-07
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability.
8259 CVE-2014-6470 2014-10-15 2015-11-06
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.
8260 CVE-2014-6469 2014-10-15 2018-12-18
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
8261 CVE-2014-6468 2014-10-15 2017-01-02
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
8262 CVE-2014-6466 2014-10-15 2015-03-16
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
8263 CVE-2014-6465 2014-10-15 2015-11-06
6.3
None Remote Medium Single system None None Complete
Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept.
8264 CVE-2014-6458 2014-10-15 2017-01-02
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
8265 CVE-2014-6409 352 1 CSRF 2014-10-06 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
8266 CVE-2014-6385 DoS 2015-01-16 2015-01-26
6.1
None Local Network Low Not required None None Complete
Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH).
8267 CVE-2014-6384 264 Exec Code Bypass 2015-01-16 2015-01-26
6.9
None Local Medium Not required Complete Complete Complete
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.
8268 CVE-2014-6299 352 CSRF 2014-10-03 2014-10-06
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.
8269 CVE-2014-6292 2014-10-03 2014-10-06
6.4
None Remote Low Not required None Partial Partial
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors.
8270 CVE-2014-6283 264 Overflow 2014-10-17 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.
8271 CVE-2014-6273 119 DoS Exec Code Overflow 2014-09-30 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
8272 CVE-2014-6270 119 DoS Exec Code Overflow 2014-09-12 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
8273 CVE-2014-6260 77 DoS Exec Code 2014-12-15 2016-03-21
6.8
None Remote Medium Not required Partial Partial Partial
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412.
8274 CVE-2014-6255 2014-12-15 2016-03-21
6.4
None Remote Low Not required Partial Partial None
Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998.
8275 CVE-2014-6253 352 CSRF 2014-12-15 2016-03-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653.
8276 CVE-2014-6252 119 DoS Exec Code Overflow 2014-09-05 2018-12-10
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
8277 CVE-2014-6251 119 Overflow 2014-10-24 2014-10-27
6.0
None Remote Medium Single system Partial Partial Partial
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.
8278 CVE-2014-6242 89 1 Exec Code Sql CSRF 2014-10-02 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
8279 CVE-2014-6214 352 XSS CSRF 2015-03-12 2015-08-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
8280 CVE-2014-6198 352 CSRF 2015-06-28 2017-09-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.
8281 CVE-2014-6187 352 CSRF 2014-12-24 2017-09-07
6.0
None Remote Medium Single system Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
8282 CVE-2014-6168 352 XSS CSRF 2014-12-28 2017-09-07
6.0
None Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
8283 CVE-2014-6125 352 XSS CSRF 2014-10-28 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
8284 CVE-2014-6106 352 XSS CSRF 2017-09-18 2017-09-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
8285 CVE-2014-6090 352 XSS CSRF 2015-04-27 2015-04-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
8286 CVE-2014-6080 89 Exec Code Sql 2014-12-18 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
8287 CVE-2014-6077 352 XSS CSRF 2014-12-18 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
8288 CVE-2014-6055 119 DoS Exec Code Overflow 2014-09-30 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
8289 CVE-2014-6046 352 CSRF 2018-08-28 2018-11-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token.
8290 CVE-2014-6045 89 Exec Code Sql 2018-08-28 2018-10-31
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.
8291 CVE-2014-6043 264 1 2014-09-11 2014-09-12
6.5
User Remote Low Single system Partial Partial Partial
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do.
8292 CVE-2014-6036 22 Dir. Trav. 2014-12-04 2019-07-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
8293 CVE-2014-6030 89 Exec Code Sql 2014-11-06 2014-11-06
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
8294 CVE-2014-5521 89 1 Exec Code Sql 2014-09-02 2014-09-03
6.5
None Remote Low Single system Partial Partial Partial
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
8295 CVE-2014-5506 Exec Code 2014-09-04 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
8296 CVE-2014-5505 119 Exec Code Overflow 2014-09-04 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
8297 CVE-2014-5462 89 Exec Code Sql 2014-12-08 2018-08-23
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php.
8298 CVE-2014-5460 20 2 Exec Code 2014-09-11 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
8299 CVE-2014-5455 428 1 +Priv 2014-08-25 2016-11-14
6.9
None Local Medium Not required Complete Complete Complete
Unquoted Windows search path vulnerability in the ptservice service in PrivateTunnel 2.3.8, as bundled in OpenVPN 2.1.28.0 allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
8300 CVE-2014-5454 Exec Code 2014-08-25 2017-09-07
6.0
None Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.