CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2014

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2014-4531 79 XSS 2014-07-02 2014-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter.
202 CVE-2014-4529 79 XSS 2014-07-02 2014-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.
203 CVE-2014-4528 79 XSS 2014-07-01 2014-07-02
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter.
204 CVE-2014-4527 79 XSS 2014-07-02 2014-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
205 CVE-2014-4526 79 XSS 2014-07-02 2014-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.
206 CVE-2014-4524 79 XSS 2014-07-02 2014-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ref parameter.
207 CVE-2014-4522 79 XSS 2014-07-02 2014-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
208 CVE-2014-4521 79 XSS 2014-07-01 2014-07-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
209 CVE-2014-4520 79 XSS 2014-07-01 2015-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.
210 CVE-2014-4518 79 XSS 2014-07-01 2014-07-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.
211 CVE-2014-4516 79 XSS 2014-07-01 2014-07-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.
212 CVE-2014-4515 79 XSS 2014-07-01 2015-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.
213 CVE-2014-4513 79 XSS 2014-07-01 2014-07-01
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.
214 CVE-2014-4511 2 Exec Code 2014-07-22 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
215 CVE-2014-4503 20 DoS 2014-07-23 2014-07-23
4.3
None Remote Medium Not required None None Partial
The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.
216 CVE-2014-4502 119 Overflow 2014-07-23 2015-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.
217 CVE-2014-4501 119 Overflow 2014-07-23 2014-07-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.
218 CVE-2014-4347 200 +Info 2014-07-16 2018-10-09
5.0
None Remote Low Not required Partial None None
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
219 CVE-2014-4346 79 XSS 2014-07-16 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
220 CVE-2014-4342 119 DoS Overflow 2014-07-20 2020-01-21
5.0
None Remote Low Not required None None Partial
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
221 CVE-2014-4341 125 DoS 2014-07-20 2021-02-02
5.0
None Remote Low Not required None None Partial
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
222 CVE-2014-4331 79 XSS 2014-07-19 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter.
223 CVE-2014-4326 78 Exec Code 2014-07-22 2019-06-17
7.5
None Remote Low Not required Partial Partial Partial
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
224 CVE-2014-4271 2014-07-17 2018-10-09
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect availability via unknown vectors related to Agent.
225 CVE-2014-4270 2014-07-17 2018-10-09
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4269.
226 CVE-2014-4269 2014-07-17 2018-10-09
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4270.
227 CVE-2014-4268 2014-07-17 2020-09-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
228 CVE-2014-4267 2014-07-17 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components.
229 CVE-2014-4266 2014-07-17 2020-09-08
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
230 CVE-2014-4265 2014-07-17 2020-09-08
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.
231 CVE-2014-4264 2014-07-17 2020-09-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
232 CVE-2014-4263 2014-07-17 2020-09-08
4.0
None Remote High Not required Partial Partial None
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
233 CVE-2014-4262 2014-07-17 2020-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
234 CVE-2014-4261 2014-07-17 2018-10-09
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.
235 CVE-2014-4260 2014-07-17 2019-12-17
5.5
None Remote Low ??? None Partial Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
236 CVE-2014-4258 2014-07-17 2019-12-17
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
237 CVE-2014-4257 2014-07-17 2018-10-09
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Portlet Services.
238 CVE-2014-4256 2014-07-17 2018-10-09
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment.
239 CVE-2014-4255 2014-07-17 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy.
240 CVE-2014-4254 2014-07-17 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.
241 CVE-2014-4253 2014-07-17 2018-10-09
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM.
242 CVE-2014-4252 2014-07-17 2020-09-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
243 CVE-2014-4251 2014-07-17 2018-10-09
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1.
244 CVE-2014-4250 2014-07-17 2018-10-09
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager.
245 CVE-2014-4249 2014-07-17 2018-10-09
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service.
246 CVE-2014-4248 2014-07-17 2018-10-09
1.0
None Local High ??? Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via unknown vectors related to Logging.
247 CVE-2014-4247 2014-07-17 2020-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
248 CVE-2014-4246 2014-07-17 2018-10-09
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP.
249 CVE-2014-4245 2014-07-17 2018-10-09
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.
250 CVE-2014-4244 2014-07-17 2020-09-08
4.0
None Remote High Not required Partial Partial None
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
Total number of vulnerabilities : 654   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.