4422 matches found
Code injection
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz...
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...
DEBIAN-CVE-2014-4987
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...
CVE-2014-4954
Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...
CVE-2014-1996
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call...
UBUNTU-CVE-2014-4955
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
CVE-2014-2365
CVE-2014-2365 affects Advantech WebAccess before 7.2. An improper access control/flaw in WebAccess components allowed a remote attacker (in some docs, authenticated) to create or delete arbitrary files; ZDI notes a remote code execution path via gmicons.asp and file operations, with exploits publ...
CVE-2014-3323
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262...
Advantech WebAccess Remote Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certai...
CVE-2014-4233
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP...
Design/Logic Flaw
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED...
CVE-2014-4245
CVE-2014-4245 is an unspecified vulnerability in the RDBMS Core of Oracle Database Server affecting 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The impact is limited to confidentiality and requires remote authenticated access; vectors are unknown. CVSS v2 base score reported as 3.5 (low). Public ...
CVE-2014-4243
CVE-2014-4243 affects the MySQL Server component (Oracle MySQL) prior to 5.5.35 and 5.6.15. The vulnerability could allow remote authenticated users to affect availability via ENFED-related vectors. Open-source/integrated advisories reference MariaDB/RHEL/SUSE mitigations; remediation in these co...
CVE-2014-4235
CVE-2014-4235 affects Oracle E-Business Suite iStore: vulnerable in Oracle iStore component across 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3 with an unspecified vector that securely authenticated users can impact integrity. Root cause and vectors are not disclosed in the provided documents; no re...
CVE-2014-4214
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP...
CVE-2014-4222
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect confidentiality via vectors related to plugin 1.1...
CVE-2014-4229
Technical details about CVE-2014-4229 are not publicly disclosed in the provided documents; no concrete information on affected products, vulnerability type, impact, or remediation is available here. Monitor for official updates.
CVE-2014-2496
CVE-2014-2496 affects Oracle PeopleSoft: PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53. The vulnerability is described as unspecified, allowing remote authenticated users to impact confidentiality and integrity via unknown vectors related to the Test F...
CVE-2014-2456
Technical details for CVE-2014-2456 are not publicly provided in the connected documents. Monitoring for updates is recommended; no concrete vulnerable component, impact, or remediation is described in the supplied materials.