CVE List - 2014 / December
Showing 1 - 100 of 614 CVEs for December 2014 (Page 1 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-2232 | 2014-12-01 | Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-2233 | 2014-12-01 | Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors. |
| CVE-2014-5237 | 2014-12-01 | Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed... |
| CVE-2014-7291 | 2014-12-01 | Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. |
| CVE-2014-7816 | 2014-12-01 | Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a ..... |
| CVE-2014-8749 | 2014-12-01 | Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the... |
| CVE-2014-8866 | 2014-12-01 | The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash)... |
| CVE-2014-8867 | 2014-12-01 | The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks proper bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local... |
| CVE-2014-9050 | 2014-12-01 | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. |
| CVE-2014-9087 | 2014-12-01 | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a... |
| CVE-2014-5268 | 2014-12-01 | The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. |
| CVE-2014-9151 | 2014-12-01 | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force... |
| CVE-2014-9152 | 2014-12-01 | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to... |
| CVE-2014-9153 | 2014-12-01 | Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a... |
| CVE-2014-9154 | 2014-12-01 | The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to... |
| CVE-2014-9155 | 2014-12-01 | Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot)... |
| CVE-2014-9156 | 2014-12-01 | The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read... |
| CVE-2013-6494 | 2014-12-02 | fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service... |
| CVE-2014-3065 | 2014-12-02 | Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before... |
| CVE-2014-3068 | 2014-12-02 | IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0... |
| CVE-2014-3703 | 2014-12-02 | OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall... |
| CVE-2014-5284 | 2014-12-02 | host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by... |
| CVE-2014-8791 | 2014-12-02 | project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. |
| CVE-2014-8728 | 2014-12-02 | SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands... |
| CVE-2014-8754 | 2014-12-02 | Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in... |
| CVE-2014-8788 | 2014-12-02 | GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. |
| CVE-2014-8789 | 2014-12-02 | GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled... |
| CVE-2014-8874 | 2014-12-02 | The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct... |
| CVE-2014-9112 | 2014-12-02 | Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. |
| CVE-2014-9113 | 2014-12-02 | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4)... |
| CVE-2014-9116 | 2014-12-02 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via... |
| CVE-2014-9173 | 2014-12-02 | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. |
| CVE-2014-9174 | 2014-12-02 | Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter... |
| CVE-2014-9175 | 2014-12-02 | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action... |
| CVE-2014-9176 | 2014-12-02 | Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. |
| CVE-2014-9177 | 2014-12-02 | The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. |
| CVE-2014-9178 | 2014-12-02 | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL... |
| CVE-2014-9179 | 2014-12-02 | Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in... |
| CVE-2014-9180 | 2014-12-02 | Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. |
| CVE-2014-9181 | 2014-12-02 | Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2)... |
| CVE-2014-9182 | 2014-12-02 | models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. |
| CVE-2014-9183 | 2014-12-02 | ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. |
| CVE-2014-9184 | 2014-12-02 | ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. |
| CVE-2014-3988 | 2014-12-03 | Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name... |
| CVE-2014-9141 | 2014-12-03 | The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. |
| CVE-2014-9220 | 2014-12-03 | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. |
| CVE-2014-8104 | 2014-12-03 | OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. |
| CVE-2014-8771 | 2014-12-03 | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2014-8772 | 2014-12-03 | Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter. |
| CVE-2014-8773 | 2014-12-03 | MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in... |
| CVE-2014-8774 | 2014-12-03 | Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. |
| CVE-2014-8775 | 2014-12-03 | MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive... |
| CVE-2014-9018 | 2014-12-03 | Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. |
| CVE-2013-7416 | 2014-12-03 | canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. |
| CVE-2014-9134 | 2014-12-03 | Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing... |
| CVE-2014-9157 | 2014-12-03 | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled... |
| CVE-2014-9238 | 2014-12-03 | D-Link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. |
| CVE-2014-9234 | 2014-12-03 | Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-Link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2014-9235 | 2014-12-03 | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or... |
| CVE-2014-9236 | 2014-12-03 | Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or... |
| CVE-2014-9237 | 2014-12-03 | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. |
| CVE-2014-9239 | 2014-12-03 | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary... |
| CVE-2014-9240 | 2014-12-03 | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action. |
| CVE-2014-9241 | 2014-12-03 | Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2)... |
| CVE-2014-9242 | 2014-12-03 | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. |
| CVE-2014-9243 | 2014-12-03 | Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php,... |
| CVE-2014-5445 | 2014-12-04 | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full... |
| CVE-2014-5446 | 2014-12-04 | Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via... |
| CVE-2014-6034 | 2014-12-04 | Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users... |
| CVE-2014-6035 | 2014-12-04 | Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in... |
| CVE-2014-6036 | 2014-12-04 | Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated... |
| CVE-2014-7867 | 2014-12-04 | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users... |
| CVE-2014-7868 | 2014-12-04 | Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary... |
| CVE-2014-3996 | 2014-12-05 | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password... |
| CVE-2014-3997 | 2014-12-05 | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360... |
| CVE-2014-8800 | 2014-12-05 | Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter... |
| CVE-2014-9129 | 2014-12-05 | Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site... |
| CVE-2014-9142 | 2014-12-05 | Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. |
| CVE-2014-9143 | 2014-12-05 | Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer... |
| CVE-2014-9144 | 2014-12-05 | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). |
| CVE-2014-9212 | 2014-12-05 | Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink... |
| CVE-2014-9215 | 2014-12-05 | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page... |
| CVE-2012-6656 | 2014-12-05 | iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv... |
| CVE-2014-2273 | 2014-12-05 | The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. |
| CVE-2014-3561 | 2014-12-05 | The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by... |
| CVE-2014-3627 | 2014-12-05 | The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to... |
| CVE-2014-4701 | 2014-12-05 | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. |
| CVE-2014-4702 | 2014-12-05 | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. |
| CVE-2014-4703 | 2014-12-05 | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of... |
| CVE-2014-6040 | 2014-12-05 | GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv... |
| CVE-2014-8123 | 2014-12-05 | Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. |
| CVE-2014-8990 | 2014-12-05 | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. |
| CVE-2014-9140 | 2014-12-05 | Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet. |
| CVE-2014-7243 | 2014-12-05 | LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2014-7252 | 2014-12-05 | Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo... |
| CVE-2014-7253 | 2014-12-05 | FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. |
| CVE-2014-7254 | 2014-12-05 | Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. |
| CVE-2014-7255 | 2014-12-05 | Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause... |
| CVE-2014-7256 | 2014-12-05 | The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo... |
| CVE-2014-7258 | 2014-12-05 | Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified... |