CVE List for October 2014

CVE-2014-6851

The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-6852

The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6853

The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL server...

CVE-2014-6854

The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-6855

The Long (aka com.imop.longjiang.android) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2003-1598

SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts var...

CVE-2011-4624

Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote ...

CVE-2012-0811

Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL comm...

CVE-2014-2640

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or H...

CVE-2014-2641

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the auth...

CVE-2014-2642

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVE-2014-3059

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administra...

CVE-2014-3060

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging ...

CVE-2014-3097

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, an...

CVE-2014-4765

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for ...

CVE-2014-4793

IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CO...

CVE-2014-6856

The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-6857

The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-6858

The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-6859

The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-6860

The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-6861

The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-6862

The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-6863

The Mootorratturid & biker.ee (aka ee.digitalfruit.mootorratturid) application 1.0 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-6864

The Forest River Forums (aka com.socialknowledge.forestriverforums) application 3.7.5 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-6865

The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application 1.3.14.254 for Android does not verify X.509 certificates ...

CVE-2014-6866

The HomeAdvisor Mobile (aka com.servicemagic.consumer) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6867

The Sortir en Alsace (aka com.axessweb.sortirenalsace) application 0.5b for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-6868

The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-6869

The barcode scanner (aka tw.com.books.android.plus) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-6870

The BGEnergy (aka com.bluegrass.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-6871

The Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-6872

The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-6873

The AMGC (aka com.amec.uae) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers ...

CVE-2014-6874

The ModSim Connected (aka com.concursive.modsim) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-6875

The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-6876

The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-6877

The Santander Personal Banking (aka com.sovereign.santander) application 2.1 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-6878

The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-6879

The Equifax Mobile (aka com.equifax) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-6880

The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-6881

The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application before 2.2 for Android does not verify X.509 certificates from SSL server...

CVE-2014-6882

The Western Federal Credit Union (aka com.kerrata.pulse.western) application 2.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-6883

The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-6884

The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-6885

The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL s...

CVE-2014-6886

The WePhone - phone calls vs skype (aka com.wephoneapp) application 1.03.00 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-6888

The PennyTalk Mobile (aka net.idt.pennytalk.android) application 2.0.3.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6889

The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-6890

The CouponCabin - Coupons & Deals (aka com.couponcabin) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-6892

The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-6893

The Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application 1.56 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-3621

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read se...

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to ...

CVE-2014-6414

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via u...

CVE-2014-7144

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "ins...

CVE-2014-7154

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, whic...

CVE-2014-7155

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which all...

CVE-2014-7156

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructi...

CVE-2014-7157

Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML ...

CVE-2014-7158

Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of ...

CVE-2014-7188

The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local...

CVE-2014-4809

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO...

CVE-2014-4823

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Ac...

CVE-2014-6079

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and ...

CVE-2014-6894

The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-6895

The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-6896

The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle atta...

CVE-2014-6897

The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-6898

The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-6899

The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-6900

The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application 6.1.1.2 for Android does not verify X.509 certificates from SSL serv...

CVE-2014-6901

The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-6902

The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-6903

The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application 1 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-6905

The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7217

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote ...

CVE-2014-3947

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arb...

CVE-2014-6288

The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.

CVE-2014-6289

The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension befor...

CVE-2014-6290

The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize...

CVE-2014-6291

Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to in...

CVE-2014-6292

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified ve...

CVE-2014-6293

SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands vi...

CVE-2014-6294

Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attacke...

CVE-2014-6295

SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via un...

CVE-2014-6296

Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web scr...

CVE-2014-6297

Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HT...

CVE-2014-6298

Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading...

CVE-2014-6299

Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication ...

CVE-2014-0754

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before ...

CVE-2014-5410

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controlle...

CVE-2014-6906

The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-6907

The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-6908

The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-6909

The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application 2.0.41716 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-6910

The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application 1.7.2 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-6911

The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-6912

The IRA's 59th Annual Conference (aka com.coreapps.android.followme.ira_14) application 6.0.7.6 for Android does not verify X.509 certificates from SS...

CVE-2014-6913

The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-6914

The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-6916

The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-6917

The www.knote.kr Smart (aka kr.or.knote.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-6918

The Bikers Underground (aka hr.ap.n66871172) application 4.5.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-6919

The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-6920

The Canal 44 (aka com.canal.canal44) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-6921

The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-6922

The KFAI Community Radio (aka com.skyblue.pra.kfai) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-6923

The Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) application 1.3.2 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-6924

The Metro News (aka com.netpia.ha.metro) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-6925

The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-6926

The Allt om Brollop (aka com.paperton.wl.alltombrollop) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6927

The Myanmar Housing : mmHome (aka com.mmhome3) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-6928

The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-6929

The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application 6.1.0.0 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-6930

The Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-6931

The Treves Dance Center (aka com.myapphone.android.myapptrvesdancecenter) application 1.0 for Android does not verify X.509 certificates from SSL serv...

CVE-2014-6932

The All Navalny (aka com.all.navalny) application 1.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-6933

The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7277

Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remo...

CVE-2014-7278

The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (p...

CVE-2014-2643

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors.

CVE-2014-2645

HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors.

CVE-2014-3396

Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass ...

CVE-2014-3398

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-versio...

CVE-2014-3400

Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.

CVE-2014-7861

The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code ...

CVE-2013-2645

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to...

CVE-2014-2644

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML...

CVE-2013-6496

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) ...

CVE-2014-0074

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an em...

CVE-2014-0140

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct ...

CVE-2014-0168

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests tha...

CVE-2014-0994

Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarca...

CVE-2014-3521

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access res...

CVE-2014-3608

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of servic...

CVE-2014-3633

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, ...

CVE-2014-3642

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated u...

CVE-2014-3657

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remot...

CVE-2014-5389

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute ar...

CVE-2014-6054

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of ...

CVE-2014-7869

Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote...

CVE-2014-7870

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote auth...

CVE-2013-1436

The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which a...

CVE-2013-7329

The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive informa...

CVE-2014-0397

Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors."

CVE-2014-1224

Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote atta...

CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of ...

CVE-2014-1875

The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.

CVE-2014-2044

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass int...

CVE-2014-4043

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which a...

CVE-2014-4510

Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafte...

CVE-2014-6389

backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter.

CVE-2014-6409

Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators fo...

CVE-2014-6607

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of oth...

CVE-2014-0940

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attac...

CVE-2014-3399

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information duri...

CVE-2014-4802

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task ...

CVE-2014-4868

The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux com...

CVE-2014-4869

The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membersh...

CVE-2014-4870

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parame...

CVE-2014-4871

Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows...

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to exec...

CVE-2014-3565

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a...

CVE-2014-3632

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack...

CVE-2014-5501

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to exec...

CVE-2014-5502

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key...

CVE-2014-5503

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to ex...

CVE-2014-6433

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.

CVE-2014-6434

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.

CVE-2014-6603

The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of se...

CVE-2014-7189

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors...

CVE-2014-7204

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaS...

CVE-2014-7235

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1...

CVE-2014-7295

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote ...

CVE-2014-7273

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-7274

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) fi...

CVE-2014-7275

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-7299

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remot...

CVE-2014-3187

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:...

CVE-2014-3188

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote...

CVE-2014-3189

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image...

CVE-2014-3190

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, al...

CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly...

CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation i...

CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to ca...

CVE-2014-3194

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of serv...

CVE-2014-3195

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized m...

CVE-2014-3196

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory,...

CVE-2014-3197

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, do...

CVE-2014-3198

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value...

CVE-2014-3199

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erro...

CVE-2014-3200

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact ...

CVE-2014-7967

Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial ...

CVE-2014-5308

Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name paramete...

CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote...

CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a...

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for N...

CVE-2014-7978

Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "admini...

CVE-2014-7979

Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "adminis...

CVE-2014-7980

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow re...

CVE-2014-3641

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinde...

CVE-2014-5300

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execut...

CVE-2014-5375

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which ...

CVE-2014-5376

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the acto...

CVE-2014-6631

Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary...

CVE-2014-6632

Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions ...

CVE-2014-7202

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connect...

CVE-2014-7203

libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks ...

CVE-2014-7229

Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of servic...

CVE-2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users t...

CVE-2014-7231

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not...

CVE-2014-7296

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users...

CVE-2014-7981

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vect...

CVE-2014-7982

Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web scrip...

CVE-2014-7983

Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary we...

CVE-2014-7984

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GM...

CVE-2014-8068

Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive...

CVE-2014-8075

Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissio...

CVE-2014-8076

Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administ...

CVE-2014-8077

Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticat...

CVE-2014-8078

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, a...

CVE-2014-8079

Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer th...

CVE-2013-4488

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.

CVE-2014-2635

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.

CVE-2014-2636

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.

CVE-2014-2637

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.

CVE-2014-2638

Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.

CVE-2014-2646

Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.

CVE-2014-2648

Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

CVE-2014-2649

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.

CVE-2014-3147

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject ar...

CVE-2014-3201

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a ce...

CVE-2014-3403

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoo...

CVE-2014-3404

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trig...

CVE-2014-3405

Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Auton...

CVE-2014-4661

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web...

CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which ma...

CVE-2014-5297

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP obje...

CVE-2014-5298

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload black...

CVE-2014-5351

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a respon...

CVE-2014-6439

Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web...

CVE-2014-7046

The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7047

The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7226

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with...

CVE-2014-3382

The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before...

CVE-2014-3383

The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device rel...

CVE-2014-3384

The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote ...

CVE-2014-3385

Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 b...

CVE-2014-3386

The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before...

CVE-2014-3387

The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before ...

CVE-2014-3388

The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a de...

CVE-2014-3389

The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1....

CVE-2014-3390

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3...

CVE-2014-3391

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by pl...

CVE-2014-3392

The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before...

CVE-2014-3393

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 befo...

CVE-2014-3394

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13),...

CVE-2014-3402

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection S...

CVE-2014-3581

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attac...

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5....

CVE-2014-4867

Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access...

CVE-2014-4872

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary ...

CVE-2014-4873

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands...

CVE-2014-4874

BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.

CVE-2014-3678

Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or ...

CVE-2014-4312

Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary ...

CVE-2014-4313

SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field.

CVE-2014-4737

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_I...

CVE-2014-6243

Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web...

CVE-2014-6315

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to ...

CVE-2014-7139

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 fo...

CVE-2014-7200

Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO...

CVE-2014-7201

Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0...

CVE-2014-6887

The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-6891

The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application 1.4 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-6904

The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-6934

The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application 1.8 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-6935

The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application 1.4 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-6936

The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-6937

The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-6938

The Apostilas musicais (aka com.apostilas) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-6939

The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL se...

CVE-2014-6940

The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application 1.0073.b0073 for Android does not verify X.509 certificate...

CVE-2014-6941

The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-5327

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of ...

CVE-2014-5328

Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of ...

CVE-2014-1571

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authentica...

CVE-2014-1572

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4...

CVE-2014-1573

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a s...

CVE-2014-3091

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML vi...

CVE-2014-7283

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree ...

CVE-2014-7284

The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not pe...

CVE-2014-7297

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.

CVE-2014-7970

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directo...

CVE-2014-7975

The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that c...

CVE-2014-8086

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service...

CVE-2014-8743

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with cert...

CVE-2014-8744

Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "admi...

CVE-2014-8745

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote auth...

CVE-2014-8746

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users wi...

CVE-2014-8747

Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary we...

CVE-2014-8748

Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authent...

CVE-2014-3818

Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 ...

CVE-2014-3825

The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, ...

CVE-2014-6313

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script o...

CVE-2014-6377

Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attack...

CVE-2014-6378

Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, ...

CVE-2014-6379

Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X5...

CVE-2014-6380

Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50...

CVE-2014-8069

Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via th...

CVE-2014-8070

Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attack...

CVE-2014-8765

Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1)...

CVE-2014-8766

Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in ...

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-mi...

CVE-2014-0558

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0...

CVE-2014-0564

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0...

CVE-2014-0569

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Ado...

CVE-2014-0570

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Upd...

CVE-2014-0571

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14,...

CVE-2014-0572

Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users t...

CVE-2014-1574

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 3...

CVE-2014-1575

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory ...

CVE-2014-1576

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x bef...

CVE-2014-1577

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2...

CVE-2014-1578

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause ...

CVE-2014-1580

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from pro...

CVE-2014-1581

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2...

CVE-2014-1582

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and H...

CVE-2014-1583

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers t...

CVE-2014-1584

The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which m...

CVE-2014-1585

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x befo...

CVE-2014-1586

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider wheth...

CVE-2014-4073

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, whic...

CVE-2014-4075

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attacker...

CVE-2014-4113

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wind...

CVE-2014-4114

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows R...

CVE-2014-4115

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly...

CVE-2014-4117

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Aut...

CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows re...

CVE-2014-4122

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive in...

CVE-2014-4123

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil...

CVE-2014-4124

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil...

CVE-2014-4126

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted...

CVE-2014-4127

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...

CVE-2014-4128

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...

CVE-2014-4129

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web sit...

CVE-2014-4130

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si...

CVE-2014-4132

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si...

CVE-2014-4133

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted w...

CVE-2014-4134

Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craft...

CVE-2014-4137

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted w...

CVE-2014-4138

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si...

CVE-2014-4140

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explore...

CVE-2014-4141

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf...

CVE-2014-4148

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wind...

CVE-2014-6942

The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-6943

The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-6944

The mitfahrgelegenheit.at (aka com.carpooling.android.at) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-6945

The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-6946

The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attack...

CVE-2014-6947

The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6948

The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-6949

The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-6950

The Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) application 1.0069.b0069 for Android does not verify X.509 certificates from SSL se...

CVE-2014-6951

The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-6952

The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-1829

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected reque...

CVE-2014-1830

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redir...

CVE-2014-2022

SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated use...

CVE-2014-2576

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for r...

CVE-2014-2927

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 1...

CVE-2014-3593

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted ...

CVE-2014-3664

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to...

CVE-2014-3681

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML...

CVE-2014-6312

Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows rem...

CVE-2014-7206

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

CVE-2014-8293

Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_...

CVE-2014-8294

Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp...

CVE-2014-8295

SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.

CVE-2014-8750

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to acces...

CVE-2014-2472

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availab...

CVE-2014-2473

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availab...

CVE-2014-2474

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availab...

CVE-2014-2475

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to a...

CVE-2014-2476

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availab...

CVE-2014-2478

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to ...

CVE-2014-4274

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, an...

CVE-2014-4275

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.

CVE-2014-4276

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related ...

CVE-2014-4277

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install ...

CVE-2014-4278

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 ...

CVE-2014-4280

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IP...

CVE-2014-4281

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote a...

CVE-2014-4282

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Ke...

CVE-2014-4283

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install ...

CVE-2014-4284

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IP...

CVE-2014-4285

Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integ...

CVE-2014-4287

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability vi...

CVE-2014-4288

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un...

CVE-2014-4289

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users...

CVE-2014-4290

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-4291

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-4292

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-4293

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-4294

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-4295

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-4296

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-4297

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-4298

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authentic...

CVE-2014-4299

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authentic...

CVE-2014-4300

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authentic...

CVE-2014-4310

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-6452

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authentic...

CVE-2014-6453

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-6454

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authentic...

CVE-2014-6455

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authentic...

CVE-2014-6456

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown v...

CVE-2014-6457

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attack...

CVE-2014-6458

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown...

CVE-2014-6459

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availab...

CVE-2014-6460

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenti...

CVE-2014-6461

Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.2 allows remote authenticated users to affect confide...

CVE-2014-6462

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect i...

CVE-2014-6463

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability vi...

CVE-2014-6464

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability vi...

CVE-2014-6465

Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remot...

CVE-2014-6466

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, int...

CVE-2014-6467

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-6468

Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related...

CVE-2014-6469

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability vi...

CVE-2014-6470

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors relat...

CVE-2014-6471

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows re...

CVE-2014-6472

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12....

CVE-2014-6473

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vector...

CVE-2014-6474

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SE...

CVE-2014-6475

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenti...

CVE-2014-6476

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a dif...

CVE-2014-6478

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors r...

CVE-2014-6479

Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authe...

CVE-2014-6482

Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticate...

CVE-2014-6483

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect conf...

CVE-2014-6484

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability ...

CVE-2014-6485

Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via ...

CVE-2014-6486

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect in...

CVE-2014-6487

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remot...

CVE-2014-6488

Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5...

CVE-2014-6489

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors...

CVE-2014-6490

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.

CVE-2014-6491

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrit...

CVE-2014-6492

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrit...

CVE-2014-6493

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un...

CVE-2014-6494

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vector...

CVE-2014-6495

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vector...

CVE-2014-6496

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vector...

CVE-2014-6497

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel.

CVE-2014-6498

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, ...

CVE-2014-6499

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 all...

CVE-2014-6500

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integr...

CVE-2014-6501

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.

CVE-2014-6502

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via u...

CVE-2014-6503

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un...

CVE-2014-6504

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via u...

CVE-2014-6505

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability ...

CVE-2014-6506

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality...

CVE-2014-6507

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiali...

CVE-2014-6508

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM)...

CVE-2014-6511

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related...

CVE-2014-6512

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attacke...

CVE-2014-6513

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integr...

CVE-2014-6515

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment...

CVE-2014-6516

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidential...

CVE-2014-6517

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to af...

CVE-2014-6519

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors ...

CVE-2014-6520

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SE...

CVE-2014-6522

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.4, 12.1.2.0, and 12.1.3.0 allows remote atta...

CVE-2014-6523

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote a...

CVE-2014-6527

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a dif...

CVE-2014-6529

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related ...

CVE-2014-6530

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiali...

CVE-2014-6531

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality...

CVE-2014-6532

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via un...

CVE-2014-6533

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers ...

CVE-2014-6534

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 all...

CVE-2014-6535

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attacker...

CVE-2014-6536

Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity...

CVE-2014-6537

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-6538

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-6539

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12....

CVE-2014-6540

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 al...

CVE-2014-6542

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authentic...

CVE-2014-6543

Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confident...

CVE-2014-6544

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users...

CVE-2014-6545

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-6546

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-6547

Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote aut...

CVE-2014-6550

Unspecified vulnerability in the Oracle Applications Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect i...

CVE-2014-6551

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors re...

CVE-2014-6552

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote ...

CVE-2014-6553

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect c...

CVE-2014-6554

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users t...

CVE-2014-6555

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality...

CVE-2014-6557

Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remot...

CVE-2014-6558

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote...

CVE-2014-6559

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vec...

CVE-2014-6560

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-6561

Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2...

CVE-2014-6562

Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors re...

CVE-2014-6563

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authen...

CVE-2014-6564

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SE...

CVE-2014-3686

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows re...

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which all...

CVE-2014-7237

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload fi...

CVE-2014-8296

Cross-site scripting (XSS) vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary w...

CVE-2014-3661

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI han...

CVE-2014-3662

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

CVE-2014-3663

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and cr...

CVE-2014-3666

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

CVE-2014-3667

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall...

CVE-2014-3679

The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.

CVE-2014-3680

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the passwor...

CVE-2014-4881

The PartyTrack library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ...

CVE-2014-6953

The AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewitharchie) application 2.4.1 for Android does not verify X.509 certificates from SSL ...

CVE-2014-6954

The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application 4.0.1 for Android does not verify X.509 certificates from SSL server...

CVE-2014-6955

The Le Grand Bleu (aka com.appzone468) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-6956

The Hydrogen Water (aka com.appzone628) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-6957

The scottcolibmn (aka com.bredir.boopsie.scottlib) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-6958

The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL s...

CVE-2014-6959

The QinCard (aka com.haowan.qincard) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-6960

The Multitrac (aka com.multitrac) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle att...

CVE-2014-6961

The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-6962

The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-6963

The feiron (aka es.sw.feironmobile.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-6964

The Hanyang University Admissions (aka kr.ac.hanyang.planner) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-6965

The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attack...

CVE-2014-6966

The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-6967

The Albion College (aka com.vivomobile.albioncollege) application 2.1.16 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6968

The Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) application 1 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-6969

The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-6970

The North American Ismaili Games (aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-6971

The Easy Video Downloader (aka com.simon.padillar.EasyVideo) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-6972

The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-6973

The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-6974

The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-6975

The Twin Lin (aka com.twinlin.twmo) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle atta...

CVE-2014-6976

The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-6977

The eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.directory) application 1.0.649.1194 for Android does not verify X.509 certificates fr...

CVE-2014-6978

The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application 1.0 for Android does not verify X.509 certificates from SSL s...

CVE-2014-6979

The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-6980

The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-6981

The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-6982

The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-6983

The NBE (aka com.nbe.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to...

CVE-2014-6984

The Shots (aka com.shots.android) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-6985

The Georgia Packing (aka com.tapatalk.georgiapackingorg) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-6986

The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application 1.0 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-6987

The Mass Gaming TV (aka net.massgamers) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-6988

The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6989

The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-6990

The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application 1.2 for Android does not verify X.509 certificates f...

CVE-2014-6991

The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-6992

The Timeless Black (aka com.apptive.android.apps.timeless) application 2.10.6 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-6993

The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-6994

The Atecea (aka com.atecea) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers ...

CVE-2014-6995

The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-6996

The Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application 1.0.9 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-6997

The Dino Village (aka com.tappocket.dinovillage) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-6998

The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application 4 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-6999

The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_android_1.2 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7000

The Paul Alexander Campaign (aka hr.apps.n51261427) application 4.5.8 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7001

The Jian Ren (aka cn.sh.scustom.janren) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7002

The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7003

The Goodwin (aka com.goodwin.Goodwin) application 1.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7004

The PETA (aka com.peta.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attack...

CVE-2014-7005

The Foconet (aka suporte.com.foconet) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7006

The HydFM (aka com.apheliontechnologies.hydfm) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7007

The Master Mix (aka com.nobexinc.wls_24832536.rc) application 3.3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7008

The Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7009

The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7010

The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7011

The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7012

The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7013

The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application 0.0.4 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7015

The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7016

The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7017

The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7018

The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7019

The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-7020

The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application 3.9.30 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7021

The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7022

The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7023

The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7024

The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7025

The Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application 1.0 for Android does not verify X.509 certificates fro...

CVE-2014-7026

The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7027

The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application 1.0 for Android does not verify X.509 certificates from SSL se...

CVE-2014-7028

The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application 1.0 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7029

The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7030

The Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application 1.0 for Android does not verify X.509 certificates from SSL se...

CVE-2014-7031

The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7032

The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7033

The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7034

The Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application 1.2.2.160 for Android does not verify X.509 certificates ...

CVE-2014-7035

The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7036

The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7037

The Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7038

The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7039

The Wild Women United (aka com.wildwomenunited) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7040

The UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) application 1.0 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7041

The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7042

The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7043

The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7044

The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7045

The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-7048

The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7049

The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7050

The givenu give (aka com.givenu.give) application 1.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7138

Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary w...

CVE-2014-7181

Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary ...

CVE-2014-8240

Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to...

CVE-2014-8301

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script...

CVE-2014-8302

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows rem...

CVE-2014-8303

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to injec...

CVE-2014-8304

Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the nex...

CVE-2014-8305

Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users ...

CVE-2014-8306

SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL co...

CVE-2014-8307

Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arb...

CVE-2014-8308

Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbit...

CVE-2014-8309

SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depend...

CVE-2014-8310

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFacto...

CVE-2014-8311

SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.

CVE-2014-8312

Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS...

CVE-2014-8313

Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unsp...

CVE-2014-8314

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or...

CVE-2014-8315

polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows...

CVE-2014-8316

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary...

CVE-2014-8317

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote a...

CVE-2014-8318

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for ...

CVE-2014-8319

Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows...

CVE-2014-8320

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote auth...

CVE-2013-7330

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.

CVE-2014-2058

BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs...

CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.

CVE-2014-2061

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading...

CVE-2014-2062

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retai...

CVE-2014-2063

Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVE-2014-2064

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attack...

CVE-2014-2065

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML...

CVE-2014-2066

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the...

CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated user...

CVE-2014-7960

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multip...

CVE-2014-8074

Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote at...

CVE-2014-8755

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer derefere...

CVE-2014-8756

The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVO...

CVE-2014-2559

Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to h...

CVE-2014-2995

Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated adminis...

CVE-2014-2278

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute a...

CVE-2014-2279

Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to ...

CVE-2014-6283

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, whic...

CVE-2014-3573

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which a...

CVE-2014-4351

Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application cr...

CVE-2014-4391

The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote atta...

CVE-2014-4417

Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that trigge...

CVE-2014-4425

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it e...

CVE-2014-4426

AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to o...

CVE-2014-4427

App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.

CVE-2014-4428

Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by levera...

CVE-2014-4430

CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physic...

CVE-2014-4431

Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leverag...

CVE-2014-4432

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which migh...

CVE-2014-4433

Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resour...

CVE-2014-4434

The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) v...

CVE-2014-4435

The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for ...

CVE-2014-4436

IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.

CVE-2014-4437

LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler...

CVE-2014-4438

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstatio...

CVE-2014-4439

Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attack...

CVE-2014-4440

The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, w...

CVE-2014-4441

NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers...

CVE-2014-4442

The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.

CVE-2014-4443

Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.

CVE-2014-4444

SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain...

CVE-2014-4446

Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to b...

CVE-2014-4447

Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) ...

CVE-2014-2358

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances ...

CVE-2014-2647

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows...

CVE-2014-3021

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which a...

CVE-2014-3368

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device re...

CVE-2014-3369

The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to caus...

CVE-2014-3370

Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device ...

CVE-2014-3381

The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which a...

CVE-2014-3397

The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via cr...

CVE-2014-3406

Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a d...

CVE-2014-3408

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML...

CVE-2014-3513

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consum...

CVE-2014-3567

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attac...

CVE-2014-3568

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers...

CVE-2014-4822

IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users t...

CVE-2014-4825

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to d...

CVE-2014-4827

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web s...

CVE-2014-4828

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request.

CVE-2014-4830

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes...

CVE-2014-4833

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input.

CVE-2014-4836

Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3,...

CVE-2014-4837

Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3....

CVE-2014-4838

Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 befor...

CVE-2014-4840

IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attacker...

CVE-2014-5330

Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-5331

Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-5420

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authen...

CVE-2014-5421

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users...

CVE-2014-5422

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers ...

CVE-2014-5423

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a t...

CVE-2014-5425

IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 he...

CVE-2014-6100

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-I...

CVE-2014-6116

The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig pro...

CVE-2014-7053

The City Star ME (aka com.citystarme) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7054

The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7055

The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application 1.0 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-7057

The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application 3.0 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7058

The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application 2.1 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7059

The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7060

The Your Tango (aka com.your.tango) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-7061

The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7062

The Association Min Ajlik (aka com.association.min.ajlik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7063

The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7064

The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application 0.7 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7065

The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from ...

CVE-2014-7066

The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7067

The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7068

The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7069

The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7071

The Autocar India (aka com.magzter.autocarindia) application 3.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7072

The Venezia map (aka com.wVeneziamap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7073

The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7076

The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7077

The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7078

The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7082

The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7085

The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7086

The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7087

The Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropeanrollercoasters1) application @7F050001 for Android does not verify X.509 certif...

CVE-2014-7088

The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7089

The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7090

The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7091

The Sacramento Kings (aka com.tibco.gse.sports) application 6.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7092

The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-7093

The Superbike Magazine (aka com.triactivemedia.superbike) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7098

The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-7099

The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7101

The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7102

The Car Insurance Quote Comparison (aka com.seopa.quotezone) application 2.3 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7103

The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7104

The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7106

The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7107

The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (m...

CVE-2014-7874

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.3...

CVE-2014-7052

The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7056

The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7070

The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7075

The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7079

The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7080

The Sigong ebook (aka com.sigongsa.sigonggenre) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7083

The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-7084

The Hesheng 80 (aka com.ireadercity.c29) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7100

The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle atta...

CVE-2014-7108

The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application 1.2 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7109

The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7111

The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7113

The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7115

The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application 0.1 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7116

The NRA Journal (aka com.magazinecloner.nationalrifleassociationjournal) application @7F080181 for Android does not verify X.509 certificates from SSL...

CVE-2014-7117

The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7118

The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7119

The GNAM 2013 (aka com.beepeers.gndam) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7120

The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7121

The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-7122

The Lansing State Journal Print (aka com.lansingjournal.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7123

The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7124

The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7125

The Motor (aka com.magzter.motorhwpublishing) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7127

The Football Espana magazine (aka com.triactivemedia.footballespana) application @7F0801AA for Android does not verify X.509 certificates from SSL ser...

CVE-2014-7128

The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7129

The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7131

The Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application 6.0.7.6 for Android does not verify X.509 certificate...

CVE-2014-7132

The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application 13523.82613 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7134

The PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7135

The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7307

The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application 1.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7309

The Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application 6.1 for Android does not verify X.509 certificates fr...

CVE-2014-7310

The Ali Visual (aka com.ali.visual) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-7313

The One You Fitness (aka com.app_oneyou.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7314

The Intelligent SME (aka com.magzter.intelligentsme) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7315

The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7316

The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7317

The Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7320

The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle atta...

CVE-2014-7321

The Firenze map (aka com.wFirenzemap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7323

The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7325

The Business Intelligence (aka com.magzter.businessintelligence) application 3.0 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7326

The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7327

The Macau Business (aka com.magzter.macaubusiness) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7328

The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7329

The Motoring Classics (aka com.aptusi.android.motoring) application 1.8.6 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7330

The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7331

The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application 0.21.13245.84038 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7333

The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7334

The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7335

The Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7336

The Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application 1.28.44.441 for Android does not verify X.509...

CVE-2014-7337

The Acorn Estate Agents (aka com.acorn.ea) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7338

The faailkhair (aka com.faailkhair.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7339

The Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAunAmigo) application 2.0 for Android does not verify X.509 certificates from SSL s...

CVE-2014-7340

The Old Bike Mart (aka com.magazinecloner.oldbike) application @7F08017E for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7341

The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7342

The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7344

The Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application @7F080193 for Android does not verify X.509 certificates from SSL se...

CVE-2014-7345

The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7346

The Bespoke (aka com.magzter.bespoke) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7348

The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7351

The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7352

The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) application 1.0 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7353

The JAZAN 24 (aka com.jazan24.Mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7354

The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7357

The Grandparenting is Great (aka com.app_gig.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7358

The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7359

The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7360

The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7361

The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7362

The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7364

The Promotional Items (aka com.wPromotionalItems) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7366

The Identity (aka com.magzter.identity) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7367

The TuS 1947 Radis (aka com.tus1947radis) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7368

The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certi...

CVE-2014-7369

The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7370

The Job MoBleeps (aka com.wJobMoBleeps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7371

The Magic Balloonman Marty Boone (aka com.app_martyboone.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7372

The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7373

The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7374

The SPIN - Motion Comic (aka me.narr8.android.serial.spin) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7375

The Childcare (aka com.app_macchildcare.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7376

The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7378

The Jobranco (aka com.jobranco) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attack...

CVE-2014-7379

The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) application 1.0 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7380

The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7382

The Alternative Connection (aka com.wAlternativeConnection) application 0.1 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7384

The Joe's Lawn Service (aka com.appexpress.joeslawnservice) application 1.5 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7385

The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application 1.404 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7387

The ACC Advocacy Action (aka com.acc.app.android.ui) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7388

The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7389

The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7390

The Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7391

The Synx addictive puzzle game (aka us.synx.mobile.play) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7392

The Russian Federation Traffic Rules (aka com.russia.pdd) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7393

The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7394

The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7395

The USF BCM (aka com.appmakr.app193115) application 252847 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7396

The PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application 0.54.13345.33028 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7397

The ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7398

The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7399

The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7402

The SK encar (aka com.encardirect.app) application @7F050000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7403

The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7405

The Belaire Family Orthodontics (aka com.app_bf.layout) application 1.304 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7406

The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application 1.1.729.1694 for Android does not verify X.509 certificate...

CVE-2014-7407

The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7408

The Gary Johnson for President '12 (aka com.GaryJohnson2012) application 0.75.13439.53899 for Android does not verify X.509 certificates from SSL serv...

CVE-2014-7409

The Liburan Hemat (aka com.liburan.bro) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7410

The Aptallik Testi (aka com.wAptallikTesti) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7413

The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application 1.1 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-7414

The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7415

The Asylum! (aka com.nobexinc.wls_96362255.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7416

The Craft Stamper Magazine (aka com.triactivemedia.craftstamper) application @7F080183 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7417

The Real Academia de Bellas Artes (aka com.adianteventures.adianteapps.real_academia_de_bellas_artes) application 1.0 for Android does not verify X.50...

CVE-2014-7418

The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7419

The PokeCreator Lite (aka com.pokecreator.builderlite) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7420

The Just Bureaucracy (aka com.magzter.justbureaucracy) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7421

The Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7422

The HEA Mobile (aka com.homerelectric.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7423

The Youth Incorporated (aka com.magzter.youthincorporated) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7424

The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application 1.0 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-7425

The Doodle Devil Free (aka com.joybits.doodledevil_free) application 2.1.4 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7427

The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application 0.75.13441.88885 for Android does not verify X.509 certificates from SSL ...

CVE-2014-7428

The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7430

The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7431

The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7432

The CalculatorApp (aka com.intuit.alm.testandroidapp) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7433

The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7434

The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle att...

CVE-2014-7435

The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7436

The SOS recette (aka com.sos.recette) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7437

The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7439

The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7441

The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7443

The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL ...

CVE-2014-7444

The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7445

The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7446

The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7447

The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7448

The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7449

The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7450

The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7452

The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7454

The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application 1.1 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7455

The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7456

The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7457

The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7458

The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application 2.4 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7459

The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application 1.0011.b0011 for Android does not verify X.509 certificates from SSL ser...

CVE-2014-7460

The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7461

The A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application 0.63.13384.23020 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7462

The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7463

The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7464

The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7465

The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7466

The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7467

The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7468

The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7469

The Best Beginning (aka com.bbbeta) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-7470

The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL serv...

CVE-2014-7471

The international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application 0.1 for Android does not verify X.509 certificates ...

CVE-2014-7472

The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7475

The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7476

The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7478

The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7481

The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7483

The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL server...

CVE-2014-7484

The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL serv...

CVE-2014-7485

The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7486

The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7487

The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates fro...

CVE-2014-7488

The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7490

The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7491

The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7492

The Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB8) application 1.0 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-7493

The 100 Books (aka com.ireadercity.c20) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7494

The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) application @7F07025E for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7495

The LogosQuest - Beginnings (aka com.wLogosQuest) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7497

The Portfolium (aka com.wPortfolium) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-7498

The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7499

The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7501

The Translation Widget (aka com.wTranslationGadget) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7502

The Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7505

The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7506

The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application 5.5 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7507

The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7508

The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7509

The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7510

The Graffit It (aka com.presenttechnologies.graffitit) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7513

The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7515

The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7516

The Central East LHIN News (aka com.wCentralEastLHINNews) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7517

The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7518

The Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) application 6.1.1.5 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7519

The Cycling Manager Game Cff (aka com.CyclingManagerGame) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7520

The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7521

The Anderson Musaamil (aka com.app_andersonmusaamil.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7522

The Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7523

The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7524

The Bed and Breakfast (aka com.wbedandbreakfastapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7525

The Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application 0.64.13398.55733 for Android does not verify X.509 certificat...

CVE-2014-7526

The Immunize Canada (aka ca.ohri.immunizeapp) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7527

The Savage Nation Mobile Web (aka com.wSavageNation) application 0.57.13354.63350 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7528

The Horsepower (aka com.apptive.android.apps.horsepower) application 2.10.11 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7529

The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application 0.18.13146.42280 for Android does not verify X.509 certificates from SSL serv...

CVE-2014-7530

The PRIX IMPORT (aka com.myapphone.android.myapppriximport) application 1.0 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7532

The GES Agri Connect (aka com.wAgriConnect) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7533

The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application 1.2 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7534

The Funny & Interesting Things (aka com.wFunnyandInterestingThings) application 0.1 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7535

The Classic Racer (aka com.triactivemedia.classicracer) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7536

The Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) application 3.6.12 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-7538

The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application 0.21.13219.95110 for Android does not verify X.509 certificates from SSL ...

CVE-2014-7539

The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7542

The l'Informatiu (aka com.linformatiu.spm) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7543

The Blood (aka com.sheridan.ash) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac...

CVE-2014-7544

The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL...

CVE-2014-7546

The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7547

The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application 1.2.0 for Android does not verify X.509 certificates from...

CVE-2014-7550

The basketball news & videos (aka com.basketbal.news.caesar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7551

The Noticias Bebes Beybies (aka com.beybies) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7552

The Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7553

The GET NYCE Lightworks (aka com.wGETNYCE) application 0.84.13506.98953 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7554

The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7555

The Apparound BLEND (aka com.apparound.mobile.catalogo) application 4.9.0 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7557

The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4.13.17 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7558

The Everest Poker (aka com.wEverestPoker) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7559

The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7560

The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7562

The Health Advocate SmartHelp (aka com.healthadvocate.ui) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7563

The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application 1.9.23.276 for Android does not verify X.509 certificate...

CVE-2014-7564

The Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a.a40350826a) application 1.03 for Android does not verify X.509 certificates fro...

CVE-2014-7565

The Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7566

The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7567

The iMig 2012 (aka com.webges.imig) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7568

The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7569

The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application 1.0 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7570

The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application 1.1 for Android does not verify X.509 certificates...

CVE-2014-7571

The Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) application 3.7.2 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7572

The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application 7.2 for Android does not verify X.509 certificates from SSL se...

CVE-2014-7573

The droid Survey Offline Forms (aka com.contact.droidSURVEY) application 2.5.2 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-7575

The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7576

The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 cer...

CVE-2014-7577

The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7578

The Bieber News Now (aka com.jbnews) application 12.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7580

The Thailand Investor News (aka nudecreative.thaistock.set) application 1.39s for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7581

The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7582

The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7584

The ACN2GO (aka com.dataparadigm.acnmobile) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7585

The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7587

The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7589

The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from...

CVE-2014-7590

The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7591

The Demon (aka com.ireadercity.c24) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-7592

The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL se...

CVE-2014-7593

The Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7595

The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7596

The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7597

The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7598

The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7602

The FRONT (aka com.magazinecloner.front) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7603

The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7604

The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7605

The Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application 1.6.24.477 for Android does not verify X.509 certificates from S...

CVE-2014-7606

The Concursive (aka com.concursive.app) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7607

The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7608

The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7609

The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7610

The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7611

The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application 1.6 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7612

The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7613

The WASPS Official Programmes (aka com.triactivemedia.wasps) application @7F080130 for Android does not verify X.509 certificates from SSL servers, wh...

CVE-2014-7614

The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7616

The Physics Forums (aka com.tapatalk.physicsforumscom) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7617

The www.roads365.com (aka ydx.android) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7618

The Interior Design (aka com.interior.design.mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7620

The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7621

The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7622

The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-7624

The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application 1.3 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7626

The Atme (aka com.bedigital.atme) application 1.0.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2012-2413

Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web scri...

CVE-2012-5244

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, ...

CVE-2014-6280

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ...

CVE-2014-6308

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in ...

CVE-2012-5701

Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the ...

CVE-2012-5865

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid pa...

CVE-2012-5866

Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field ...

CVE-2014-2081

Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before...

CVE-2014-5094

Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo fu...

CVE-2014-5098

Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML v...

CVE-2014-5447

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by re...

CVE-2014-5448

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading th...

CVE-2014-5449

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive inf...

CVE-2014-8329

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which ...

CVE-2012-5694

Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQ...

CVE-2012-5695

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attack...

CVE-2012-5696

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers ...

CVE-2012-5697

The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the fr...

CVE-2014-3830

Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the fa...

CVE-2014-3978

SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Na...

CVE-2014-5275

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute a...

CVE-2014-5276

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web s...

CVE-2014-8330

Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a n...

CVE-2014-8331

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B10...

CVE-2014-3564

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote...

CVE-2014-5025

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary...

CVE-2014-5026

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web scrip...

CVE-2014-5169

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create ...

CVE-2014-8363

SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitra...

CVE-2014-8364

Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to in...

CVE-2014-3863

Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or...

CVE-2014-8365

Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) nam...

CVE-2014-8366

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to inde...

CVE-2014-4884

The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-4885

The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SS...

CVE-2014-4887

The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-4888

The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application 1.1.0 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-4889

The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-4890

The Nano Digest (aka com.magzter.nanodigest) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-4891

The CT iHub (aka com.concursive.ctihub) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle ...

CVE-2014-4892

The uControl Smart Home Automation (aka de.ucontrol) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-4894

The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-4895

The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-4896

The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application 1.02 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-4897

The Touriosity Travelmag (aka com.magzter.touriositytravelmag) application 3.1 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-4898

The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-4899

The Indian Cement Review (aka com.magzter.indiancementreview) application 3.01 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-4900

The migme (aka com.projectgoth) application 4.03.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-4901

The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-4903

The Kakao Bingo Garden (aka com.mocoga.bingogarden) application 1.0.14 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-4904

The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-4905

The Clean Internet Browser (aka com.cleantab.browsesecure) application 1.36 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-4906

The Brisbane & Queensland Alert (aka com.queensland.alert) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7628

The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7629

The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7630

The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7631

The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7632

The news revolution - bahrain (aka com.news.revolution.BH) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7633

The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7634

The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-7636

The United Hawk Nation (aka com.united12thman) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7638

The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7640

The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at...

CVE-2014-7642

The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7643

The C.R. Group (aka com.c.r.group) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle att...

CVE-2014-7644

The Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application 2.3.4.MR3 for Android does not verify X.509 certifi...

CVE-2014-7646

The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7647

The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7648

The SMARTalk (aka jp.co.fusioncom.smartalk.android) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7649

The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7650

The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7652

The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7655

The Dresden Transport Museum (aka de.appack.project.vmd) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7656

The Indian Management (aka com.magzter.indianmanagement) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7659

The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application 3.7.13 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7660

The Gent Magazine (aka com.magzter.thegentmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7661

The Masquito Blogger (aka com.wmasquito) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7663

The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7664

The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application 0.1 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7666

The American Waterfowler (aka com.magazinecloner.americanwaterfowler) application @7F0801AA for Android does not verify X.509 certificates from SSL se...

CVE-2014-7667

The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) application 2.0.41725 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-7668

The Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7670

The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application 1.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7671

The Tekno Apsis (aka com.teknoapsis) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...

CVE-2014-7674

The TicketOne.it (aka it.ticketone.mobile.app.Android) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7676

The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application 1.1 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7677

The Scudetto (aka com.scudetto) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attack...

CVE-2014-7681

The VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application 6.0.9.4 for Android does not verify X.509 certificates from SSL ...

CVE-2014-7682

The GR8! TV (aka com.magzter.greighttv) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middl...

CVE-2014-7683

The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL ...

CVE-2014-7685

The Razer Comms - Gaming Messenger (aka com.razerzone.comms) application 1.3.07 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7686

The So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application 3.2 for Android does not verify X.509 certificates from SSL servers, w...

CVE-2014-7688

The Home Improvement (aka com.whomeimprovementapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7689

The GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7690

The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7691

The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7692

The Lent Experience (aka com.wLentExperience) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the...

CVE-2014-7693

The JusApp! (aka com.tapatalk.jusappcombrforum) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7694

The Corvette Museum (aka com.app_corvettemuseum.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7695

The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7696

The Halftime Magazine (aka com.magzter.halftimemagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7697

The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7698

The Xinhua International (aka org.xinhua.xnews_international) application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7700

The Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7701

The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7702

The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7703

The Terrorizer Magazine (aka com.triactivemedia.terrorizer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7705

The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application 1.1 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-7707

The Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application @7F080181 for Android does not verify X.509 certificates from ...

CVE-2014-7708

The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7710

The India Today Telugu (aka com.magzter.indiatoday.telugu) application 3.02 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7712

The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7713

The Skin&Ink Magazine (aka com.triactivemedia.skinandink) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7714

The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac...

CVE-2014-7715

The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7716

The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers,...

CVE-2014-7717

The Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application 3.0.0 for Android does not verify X.509 certificates from ...

CVE-2014-7718

The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7719

The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7720

The Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application @7F0801B2 for Android does not verify X.509 certificates...

CVE-2014-7721

The President Clicker (aka com.flexymind.pclicker) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7722

The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7723

The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7724

The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7725

The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7726

The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7727

The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-m...

CVE-2014-7728

The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL ser...

CVE-2014-7731

The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7733

The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7734

The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7735

The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application 1.0 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7737

The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-th...

CVE-2014-7739

The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7740

The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7741

The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7742

The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows...

CVE-2014-7743

The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which a...

CVE-2014-7744

The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-i...

CVE-2014-7745

The Flight Manager (aka com.flightmanager.view) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7746

The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application @7F0801AA for Android does not verify X.509 certificates from SSL se...

CVE-2014-7748

The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7749

The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7750

The Taster Magazine (aka com.magazinecloner.taster) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2014-7751

The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7752

The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7753

The Circa News (aka cir.ca) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacker...

CVE-2014-7754

The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7755

The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7756

The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7757

The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application 1.0.23 for Android does not verify X.509 certificates from SSL s...

CVE-2014-7758

The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application 0.1 for Android does not verify X.509 certificates from SSL servers, whic...

CVE-2014-7759

The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7760

The Health assistance service (aka net.nttcloud.ft.karada) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which al...

CVE-2014-7761

The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-t...

CVE-2014-7762

The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7763

The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7764

The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which all...

CVE-2014-7765

The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7766

The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 f...

CVE-2014-7767

The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to s...

CVE-2014-7768

The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7769

The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL...

CVE-2014-7770

The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7771

The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7772

The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7773

The Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application 2.1.0 for Android does not verify X.509 certificates from SS...

CVE-2014-7774

The Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application 0.1 for Android does not verify X.509 certificates from SSL servers, whi...

CVE-2014-7775

The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man...

CVE-2014-7776

The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mid...

CVE-2014-7777

The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which ...

CVE-2014-7778

The Epc World (aka com.magzter.epcworld) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-midd...

CVE-2014-7779

The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application 0.1 for Android does not verify X.509 certificates from SSL servers, ...

CVE-2014-7780

The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application 1.21.38.6504 for Android does not verify X.509 certif...

CVE-2014-7781

The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from ...

CVE-2014-7782

The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL ...

CVE-2014-7783

The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-mi...

CVE-2014-7784

The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7785

The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL serve...

CVE-2014-7786

The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7787

The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CVE-2014-7788

The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7789

The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7791

The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-...

CVE-2014-7793

The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows m...

CVE-2014-7794

The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL se...

CVE-2014-7795

The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows ma...

CVE-2014-7796

The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows ...

CVE-2014-7797

The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle...

CVE-2014-7798

The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application 2.0.41709 for Android does not verify X.509 certificates from SSL servers...

CVE-2014-7799

The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in...

CVE-2014-7800

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allo...

CVE-2014-7802

The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certif...

CVE-2014-7803

The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which...

CVE-2014-7804

The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allow...

CVE-2012-5242

Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary ...

CVE-2012-5243

functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702

Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (...

CVE-2013-7406

SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-7140

Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1...

CVE-2014-8375

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQ...

CVE-2014-4514

Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remo...

CVE-2014-4517

Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attac...

CVE-2014-4577

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote...

CVE-2014-5005

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via...

CVE-2014-5006

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via...

CVE-2014-7280

Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web...

CVE-2014-8376

Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote aut...

CVE-2014-8377

Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the ph...

CVE-2014-8378

Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer conten...

CVE-2014-8379

Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain p...

CVE-2014-8380

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in...

CVE-2014-2531

SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 a...

CVE-2014-3111

Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML v...

CVE-2014-4448

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to ob...

CVE-2014-4449

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof serv...

CVE-2014-4450

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribut...

CVE-2013-7407

Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified vict...

CVE-2014-3675

Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676

Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot o...

CVE-2014-3677

Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-6352

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows R...

CVE-2014-6387

gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an...

CVE-2014-7182

Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrar...

CVE-2014-7183

Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web s...

CVE-2014-7968

VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.

CVE-2014-8088

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to b...

CVE-2014-8325

The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consump...

CVE-2014-8381

Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the ...

CVE-2014-8761

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images...

CVE-2014-8762

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parame...

CVE-2014-8763

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password star...

CVE-2014-8764

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user nam...

CVE-2014-3828

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to ex...

CVE-2014-3829

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitra...

CVE-2014-4766

IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback...

CVE-2014-0619

Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attack...

CVE-2014-2230

Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary w...

CVE-2014-7281

Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hija...

CVE-2014-7292

Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) a...

CVE-2014-8071

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML vi...

CVE-2014-8072

The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.

CVE-2014-8073

Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrato...

CVE-2014-7298

adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arb...

CVE-2014-8346

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier fo...

CVE-2014-2021

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated use...

CVE-2014-3604

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common...

CVE-2014-6230

WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-F...

CVE-2014-6251

Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with...

CVE-2014-7180

Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which all...

CVE-2014-8760

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without ...

CVE-2014-3409

The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote at...

CVE-2014-4620

The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Ap...

CVE-2014-4623

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enab...

CVE-2014-4624

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which al...

CVE-2014-6151

CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduc...

CVE-2014-6152

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary w...

CVE-2014-6611

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 1...

CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and ...

CVE-2014-1927

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via...

CVE-2014-1928

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code...

CVE-2014-1929

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positio...

CVE-2014-5075

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matche...

CVE-2013-4594

The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to u...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan hor...

CVE-2014-3137

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to b...

CVE-2013-1641

Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a ....

CVE-2014-2987

Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition befor...

CVE-2014-4812

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to ...

CVE-2014-6099

The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests...

CVE-2014-6133

IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors.

CVE-2014-6037

Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote at...

CVE-2013-6796

The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous b...

CVE-2013-7408

F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by gue...

CVE-2014-3520

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to a...

CVE-2014-5148

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap...

CVE-2014-5520

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugi...

CVE-2014-6635

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in...

CVE-2010-4820

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library ...

CVE-2011-4103

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute a...

CVE-2011-4104

The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to exec...

CVE-2011-4953

The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related t...

CVE-2014-0136

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitra...

CVE-2014-2988

EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows rem...

CVE-2014-3711

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed pr...

CVE-2014-3954

Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute...

CVE-2014-3955

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request fro...

CVE-2014-8327

The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obta...

CVE-2003-1599

PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in...

CVE-2010-5077

server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denia...

CVE-2011-2702

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows...

CVE-2012-1111

lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or ...

CVE-2012-5580

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial o...

CVE-2014-4586

Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary...

CVE-2014-4023

Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller ...

CVE-2014-8505

Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow remote attackers to inject arbitrary web script or HTML via the (1) page_id par...

CVE-2014-8506

Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/ind...

CVE-2014-3293

Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a d...

CVE-2014-4808

Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0....

CVE-2014-4814

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03...

CVE-2014-4821

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03...

CVE-2014-6125

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbi...

CVE-2014-6126

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via ...

CVE-2014-3051

The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 bef...

CVE-2014-3668

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5...

CVE-2014-3669

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 al...

CVE-2014-3670

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floatin...

CVE-2014-3694

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Ba...

CVE-2014-3695

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via ...

CVE-2014-3696

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (applicatio...

CVE-2014-3697

Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to writ...

CVE-2014-3698

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sens...

CVE-2014-4839

Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1...

CVE-2014-4877

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and c...

CVE-2014-6149

Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 thro...

CVE-2014-8518

The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File...

CVE-2014-8519

Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors.

CVE-2014-8520

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network port...

CVE-2014-8521

Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrar...

CVE-2014-8522

The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to...

CVE-2014-8523

Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authent...

CVE-2014-8524

McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote...

CVE-2014-8525

McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it...

CVE-2014-8526

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.

CVE-2014-8527

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a...

CVE-2014-8528

McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit ...

CVE-2014-8529

McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via un...

CVE-2014-8530

Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect int...

CVE-2014-8531

The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticate...

CVE-2014-8532

Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impac...

CVE-2014-8533

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection.

CVE-2014-8534

Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service...

CVE-2014-8535

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vec...

CVE-2014-8536

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.

CVE-2014-8537

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.

CVE-2014-8538

The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-...

CVE-2014-7877

Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVE-2013-3304

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in th...

CVE-2014-3446

SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL ...

CVE-2014-3584

The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (...

CVE-2014-3623

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does n...

CVE-2014-3684

The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and ea...

CVE-2013-7409

Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via ...

CVE-2014-3366

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute a...

CVE-2014-3372

Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote at...

CVE-2014-3373

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager ...

CVE-2014-3374

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote atta...

CVE-2014-3375

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote at...

CVE-2014-6101

Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote ...

CVE-2014-6148

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not re...

CVE-2014-6150

Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7....

CVE-2013-0334

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same n...

CVE-2014-2334

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject ...

CVE-2014-2335

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject a...

CVE-2014-2336

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 all...

CVE-2014-3708

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption)...

CVE-2014-7177

XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml docume...

CVE-2014-7985

Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in t...

CVE-2014-7986

install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.

CVE-2014-7987

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter...

CVE-2014-8081

lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP cod...

CVE-2014-8082

lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reve...

CVE-2014-8333

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by del...

CVE-2014-8334

The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell me...

CVE-2014-8399

The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecifie...

CVE-2014-8495

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows conte...

CVE-2014-8509

The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which tr...

CVE-2014-8577

Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) d...

CVE-2014-3473

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) be...

CVE-2014-3474

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon...

CVE-2014-3475

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, a...

CVE-2014-8578

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before...