CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2014 (CVSS score >= 5)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-7190 352 CSRF 2014-09-30 2014-10-01
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
2 CVE-2014-7187 119 DoS Overflow 2014-09-28 2018-10-09
10.0
 None Remote Low Not required Complete Complete Complete
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
3 CVE-2014-7186 119 DoS Overflow 2014-09-28 2018-10-09
10.0
 None Remote Low Not required Complete Complete Complete
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
4 CVE-2014-7169 78 Exec Code 2014-09-25 2021-11-17
10.0
 None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
5 CVE-2014-7153 89 Exec Code Sql 2014-09-22 2014-09-22
6.5
 None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.
6 CVE-2014-7145 399 DoS 2014-09-28 2016-08-24
7.8
 None Remote Low Not required None None Complete
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.
7 CVE-2014-6850 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The SED Account (aka com.starkville.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
8 CVE-2014-6848 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
9 CVE-2014-6847 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Horoscopes and Dreams (aka com.horoscopesanddreams) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
10 CVE-2014-6846 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.android.ice) application @7F050007 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
11 CVE-2014-6845 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The MediaFire (aka com.mediafire.android) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
12 CVE-2014-6844 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
13 CVE-2014-6843 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
14 CVE-2014-6842 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
15 CVE-2014-6841 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
16 CVE-2014-6840 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The My Wedding Planner (aka app.wedding) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
17 CVE-2014-6839 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
18 CVE-2014-6838 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
19 CVE-2014-6837 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Hillside (aka com.hillside.hermanus) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
20 CVE-2014-6836 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
21 CVE-2014-6835 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
22 CVE-2014-6834 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
23 CVE-2014-6833 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
24 CVE-2014-6832 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
25 CVE-2014-6831 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
26 CVE-2014-6830 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application 2.14.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
27 CVE-2014-6829 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Hook (aka com.hook.android) application 0.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
28 CVE-2014-6828 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
29 CVE-2014-6827 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
30 CVE-2014-6826 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
31 CVE-2014-6825 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
32 CVE-2014-6824 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
33 CVE-2014-6823 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 1.7.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
34 CVE-2014-6822 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
35 CVE-2014-6821 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
36 CVE-2014-6820 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
37 CVE-2014-6819 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
38 CVE-2014-6818 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
39 CVE-2014-6817 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Cove (aka org.covechurch.app) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
40 CVE-2014-6816 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
41 CVE-2014-6815 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
42 CVE-2014-6814 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
43 CVE-2014-6813 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The klassens (aka com.mcreda.klassens.apps) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
44 CVE-2014-6812 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Aloha Guide (aka com.aloha.guide.english) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
45 CVE-2014-6810 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application 6.0.7.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
46 CVE-2014-6808 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Active 24 (aka com.zentity.app.active24) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
47 CVE-2014-6807 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application 1.2.7.132 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
48 CVE-2014-6806 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Thanodi - Setswana Translator (aka com.thanodi.thanodi) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
49 CVE-2014-6805 310 +Info 2014-09-30 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
50 CVE-2014-6804 310 +Info 2014-09-29 2014-11-14
5.4
 None Local Network Medium Not required Partial Partial Partial
The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Total number of vulnerabilities : 1003   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.