| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2014-10000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently ... | R | |
| CVE-2014-10001 | Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 a... | E | |
| CVE-2014-10002 | Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensiti... | | |
| CVE-2014-10003 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to ... | E | |
| CVE-2014-10004 | SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attacke... | E | |
| CVE-2014-10005 | Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the... | E | |
| CVE-2014-10006 | Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attack... | E | |
| CVE-2014-10007 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote att... | E | |
| CVE-2014-10008 | Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers t... | E | |
| CVE-2014-10009 | Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to injec... | E | |
| CVE-2014-10010 | Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to... | E | |
| CVE-2014-10011 | Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the T... | E | |
| CVE-2014-10012 | Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for Word... | E | |
| CVE-2014-10013 | SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows ... | E | |
| CVE-2014-10014 | Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 ... | E | |
| CVE-2014-10015 | SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows rem... | E | |
| CVE-2014-10016 | Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for Word... | E | |
| CVE-2014-10017 | Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow r... | E | |
| CVE-2014-10018 | Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-... | E | |
| CVE-2014-10019 | Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in... | E | |
| CVE-2014-10020 | SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execut... | E | |
| CVE-2014-10021 | Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for Wor... | E | |
| CVE-2014-10022 | Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecif... | | |
| CVE-2014-10023 | Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute ... | E | |
| CVE-2014-10024 | Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player... | E | |
| CVE-2014-10025 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 an... | E | |
| CVE-2014-10026 | index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authe... | E | |
| CVE-2014-10027 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2... | E | |
| CVE-2014-10028 | Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later all... | E | |
| CVE-2014-10029 | SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows rem... | E | |
| CVE-2014-10030 | Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allow... | E | |
| CVE-2014-10031 | Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers ... | E | |
| CVE-2014-10032 | SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated u... | E | |
| CVE-2014-10033 | SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce... | E | |
| CVE-2014-10034 | Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote admi... | E | |
| CVE-2014-10035 | Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allo... | E | |
| CVE-2014-10036 | Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to... | E | |
| CVE-2014-10037 | Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspeci... | E | |
| CVE-2014-10038 | SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attacke... | E | |
| CVE-2014-10039 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, ... | | |
| CVE-2014-10043 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-10044 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, ... | | |
| CVE-2014-10045 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-10046 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, ... | | |
| CVE-2014-10047 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an... | | |
| CVE-2014-10048 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-10049 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2014-10050 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, ... | | |
| CVE-2014-10051 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-10052 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdrag... | | |
| CVE-2014-10053 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap... | | |
| CVE-2014-10054 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap... | | |
| CVE-2014-10055 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an... | | |
| CVE-2014-10056 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD... | | |
| CVE-2014-10057 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, ... | | |
| CVE-2014-10058 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD... | | |
| CVE-2014-10059 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, ... | | |
| CVE-2014-10060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2014-10061 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2014-10062 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-10063 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 a... | | |
| CVE-2014-10064 | The qs module before 1.0.0 does not have an option or default for specifying object depth and when p... | | |
| CVE-2014-10065 | Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disal... | E | |
| CVE-2014-10066 | Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory t... | | |
| CVE-2014-10067 | paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to ... | | |
| CVE-2014-10068 | The inert directory handler in inert node module before 1.1.1 always allows files in hidden director... | S | |
| CVE-2014-10069 | Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' i... | S | |
| CVE-2014-10070 | zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the envi... | S | |
| CVE-2014-10071 | In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.... | S | |
| CVE-2014-10072 | In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths f... | S | |
| CVE-2014-10073 | The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal b... | | |
| CVE-2014-10074 | Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umb... | E S | |
| CVE-2014-10075 | The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.... | E | |
| CVE-2014-10076 | The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, wh... | E | |
| CVE-2014-10077 | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attacker... | S | |
| CVE-2014-10078 | Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/register... | E | |
| CVE-2014-10079 | In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in... | E | |
| CVE-2014-10374 | On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-003... | | |
| CVE-2014-10375 | handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length... | S | |
| CVE-2014-10376 | The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.... | | |
| CVE-2014-10377 | The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.... | | |
| CVE-2014-10378 | The duplicate-post plugin before 2.6 for WordPress has XSS.... | | |
| CVE-2014-10379 | The duplicate-post plugin before 2.6 for WordPress has SQL injection.... | | |
| CVE-2014-10380 | The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.... | | |
| CVE-2014-10381 | The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.... | | |
| CVE-2014-10382 | The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.... | | |
| CVE-2014-10383 | The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.... | | |
| CVE-2014-10384 | The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.... | | |
| CVE-2014-10385 | The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.... | | |
| CVE-2014-10386 | The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.... | | |
| CVE-2014-10387 | The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.... | | |
| CVE-2014-10388 | The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosur... | | |
| CVE-2014-10389 | The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentic... | | |
| CVE-2014-10390 | The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal... | | |
| CVE-2014-10391 | The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injectio... | | |
| CVE-2014-10392 | The cforms2 plugin before 10.2 for WordPress has XSS.... | | |
| CVE-2014-10393 | The cforms2 plugin before 10.5 for WordPress has XSS.... | | |
| CVE-2014-10394 | The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.... | | |
| CVE-2014-10395 | The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.... | | |
| CVE-2014-10396 | The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file paramet... | E | |
| CVE-2014-10397 | The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file para... | E | |
| CVE-2014-10398 | Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Cli... | E | |
| CVE-2014-10399 | The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attac... | | |
| CVE-2014-10400 | The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remot... | | |
| CVE-2014-10401 | An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files fr... | S | |
| CVE-2014-10402 | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files f... | E S |