CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2014

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
551 CVE-2014-7185 189 Overflow +Info 2014-10-08 2019-10-25
6.4
None Remote Low Not required Partial None Partial
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
552 CVE-2014-7183 79 XSS 2014-10-22 2018-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
553 CVE-2014-7182 79 XSS 2014-10-22 2018-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
554 CVE-2014-7181 79 XSS 2014-10-16 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.
555 CVE-2014-7180 264 Exec Code 2014-10-25 2017-09-08
4.6
None Local Low Not required Partial Partial Partial
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
556 CVE-2014-7177 2014-10-31 2017-09-08
4.0
None Remote Low ??? Partial None None
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
557 CVE-2014-7158 352 CSRF 2014-10-02 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch.
558 CVE-2014-7157 79 XSS 2014-10-02 2017-09-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch.
559 CVE-2014-7156 264 DoS 2014-10-02 2018-10-30
3.3
None Local Network Low Not required None None Partial
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.
560 CVE-2014-7155 264 DoS +Priv 2014-10-02 2018-10-30
5.8
None Local Network Low Not required Partial Partial Partial
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.
561 CVE-2014-7154 362 DoS 2014-10-02 2018-10-30
6.1
None Local Network Low Not required None None Complete
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
562 CVE-2014-7144 310 2014-10-02 2016-11-28
4.3
None Remote Medium Not required None Partial None
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
563 CVE-2014-7140 Exec Code 2014-10-21 2015-11-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
564 CVE-2014-7139 79 XSS 2014-10-10 2018-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.
565 CVE-2014-7138 79 XSS 2014-10-16 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.
566 CVE-2014-7135 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
567 CVE-2014-7134 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
568 CVE-2014-7132 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application 13523.82613 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
569 CVE-2014-7131 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application 6.0.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
570 CVE-2014-7129 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
571 CVE-2014-7128 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
572 CVE-2014-7127 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Football Espana magazine (aka com.triactivemedia.footballespana) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
573 CVE-2014-7125 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Motor (aka com.magzter.motorhwpublishing) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
574 CVE-2014-7124 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
575 CVE-2014-7123 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
576 CVE-2014-7122 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Lansing State Journal Print (aka com.lansingjournal.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
577 CVE-2014-7121 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
578 CVE-2014-7120 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
579 CVE-2014-7119 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The GNAM 2013 (aka com.beepeers.gndam) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
580 CVE-2014-7118 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
581 CVE-2014-7117 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
582 CVE-2014-7116 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The NRA Journal (aka com.magazinecloner.nationalrifleassociationjournal) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
583 CVE-2014-7115 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
584 CVE-2014-7113 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
585 CVE-2014-7111 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
586 CVE-2014-7109 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
587 CVE-2014-7108 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
588 CVE-2014-7107 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
589 CVE-2014-7106 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
590 CVE-2014-7104 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
591 CVE-2014-7103 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
592 CVE-2014-7102 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Car Insurance Quote Comparison (aka com.seopa.quotezone) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
593 CVE-2014-7101 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
594 CVE-2014-7100 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
595 CVE-2014-7099 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
596 CVE-2014-7098 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
597 CVE-2014-7093 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Superbike Magazine (aka com.triactivemedia.superbike) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
598 CVE-2014-7092 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
599 CVE-2014-7091 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The Sacramento Kings (aka com.tibco.gse.sports) application 6.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
600 CVE-2014-7090 310 +Info 2014-10-19 2014-11-14
5.4
None Local Network Medium Not required Partial Partial Partial
The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Total number of vulnerabilities: 1414 (page 12 of 29)