CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2014-5288 352 CSRF 2020-02-07 2020-02-11
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
1152 CVE-2014-5278 2020-02-07 2020-02-11
4.3
None Remote Medium Not required None Partial None
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.
1153 CVE-2014-5091 20 1 Exec Code 2020-02-07 2020-02-11
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
1154 CVE-2014-5087 20 Exec Code 2020-02-07 2021-08-16
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
1155 CVE-2014-5086 74 Exec Code 2020-02-10 2021-09-09
6.5
None Remote Low ??? Partial Partial Partial
A Command Execution vulnerability exists in Sphider Pro and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only; these instances do not exist in Sphider.
1156 CVE-2014-5085 74 Exec Code 2020-02-10 2020-02-14
6.5
None Remote Low ??? Partial Partial Partial
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus; these instances do not exist in either Sphider or Sphider Pro.
1157 CVE-2014-5084 74 Exec Code 2020-02-10 2021-08-16
6.5
None Remote Low ??? Partial Partial Partial
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only; these instances do not exist in either Sphider or Sphider Plus.
1158 CVE-2014-5083 74 Exec Code 2020-02-10 2020-02-14
6.5
None Remote Low ??? Partial Partial Partial
A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.
1159 CVE-2014-4981 78 Exec Code 2020-02-17 2020-02-20
10.0
None Remote Low Not required Complete Complete Complete
LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
1160 CVE-2014-4968 1 Exec Code 2020-02-12 2020-02-19
6.8
None Remote Medium Not required Partial Partial Partial
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.
1161 CVE-2014-4967 74 Exec Code 2020-02-18 2020-02-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
1162 CVE-2014-4966 74 Exec Code 2020-02-18 2020-02-26
7.5
None Remote Low Not required Partial Partial Partial
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
1163 CVE-2014-4678 74 Exec Code 2020-02-20 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
1164 CVE-2014-4660 522 +Info 2020-02-20 2020-02-25
2.1
None Local Low Not required Partial None None
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.
1165 CVE-2014-4659 522 +Info 2020-02-20 2020-02-25
2.1
None Local Low Not required Partial None None
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
1166 CVE-2014-4658 200 +Info 2020-02-20 2020-02-25
2.1
None Local Low Not required Partial None None
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
1167 CVE-2014-4657 20 Exec Code 2020-02-20 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
1168 CVE-2014-4651 20 DoS 2020-02-18 2020-02-27
7.5
None Remote Low Not required Partial Partial Partial
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.
1169 CVE-2014-4650 22 Exec Code Dir. Trav. 2020-02-20 2022-06-27
7.5
None Remote Low Not required Partial Partial Partial
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
1170 CVE-2014-4607 190 Exec Code Overflow 2020-02-12 2020-02-14
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
1171 CVE-2014-4198 287 Bypass 2020-02-13 2020-02-19
6.4
None Remote Low Not required Partial Partial None
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.
1172 CVE-2014-4170 269 1 +Info 2020-02-13 2020-02-19
7.5
None Remote Low Not required Partial Partial Partial
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
1173 CVE-2014-4019 200 1 +Info 2020-02-20 2020-02-28
5.0
None Remote Low Not required Partial None None
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
1174 CVE-2014-3919 79 XSS +Info 2020-02-13 2020-02-19
4.3
None Remote Medium Not required None Partial None
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious script in an unspecified page, which could let a malicious user obtain sensitive information.
1175 CVE-2014-3879 287 Bypass 2020-02-18 2020-02-27
7.5
None Remote Low Not required Partial Partial Partial
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.
1176 CVE-2014-3860 426 2020-02-12 2020-02-19
4.4
None Local Medium Not required Partial Partial Partial
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
1177 CVE-2014-3827 79 XSS 2020-02-11 2020-02-12
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php.
1178 CVE-2014-3826 79 XSS 2020-02-11 2020-02-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module.
1179 CVE-2014-3622 416 Exec Code 2020-02-19 2020-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
1180 CVE-2014-3484 787 DoS Overflow 2020-02-20 2020-02-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
1181 CVE-2014-3208 119 DoS Overflow 2020-02-13 2020-02-19
5.0
None Remote Low Not required None None Partial
A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),
1182 CVE-2014-2875 307 2020-02-06 2022-01-01
4.3
None Remote Medium Not required None Partial None
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.
1183 CVE-2014-2727 78 2020-02-19 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
1184 CVE-2014-2595 613 Bypass 2020-02-12 2020-02-20
7.5
None Remote Low Not required Partial Partial Partial
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
1185 CVE-2014-2560 916 2020-02-12 2020-02-14
4.3
None Remote Medium Not required Partial None None
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
1186 CVE-2014-2228 776 Exec Code 2020-02-19 2020-03-06
7.5
None Remote Low Not required Partial Partial Partial
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
1187 CVE-2014-2225 352 CSRF 2020-02-08 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to api/add/wlanconf; change the guest (3) password, (4) authentication method, or (5) restricted subnets via a request to api/set/setting/guest_access; (6) block, (7) unblock, or (8) reconnect users by MAC address via a request to api/cmd/stamgr; change the syslog (9) server or (10) port via a request to api/set/setting/rsyslogd; (11) have unspecified impact via a request to api/set/setting/smtp; change the syslog (12) server, (13) port, or (14) authentication settings via a request to api/cmd/cfgmgr; or (15) change the Unifi Controller name via a request to api/set/setting/identity.
1188 CVE-2014-2052 611 DoS 2020-02-11 2020-02-12
7.5
None Remote Low Not required Partial Partial Partial
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
1189 CVE-2014-2030 787 DoS Exec Code Overflow 2020-02-06 2020-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
1190 CVE-2014-1958 120 Exec Code Overflow 2020-02-06 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
1191 CVE-2014-1947 787 DoS Exec Code Overflow 2020-02-17 2020-02-21
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
1192 CVE-2014-1617 120 DoS Overflow 2020-02-13 2020-02-20
7.1
None Remote Medium Not required None None Complete
Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.
1193 CVE-2014-0234 1188 2020-02-12 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
1194 CVE-2013-7381 74 Exec Code 2020-02-12 2020-02-14
7.5
None Remote Low Not required Partial Partial Partial
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
1195 CVE-2013-7378 74 Exec Code 2020-02-12 2020-02-14
7.5
None Remote Low Not required Partial Partial Partial
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.
1196 CVE-2013-7324 74 2020-02-17 2020-02-28
5.0
None Remote Low Not required None Partial None
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration.
1197 CVE-2013-7287 326 2020-02-13 2020-02-21
10.0
None Remote Low Not required Complete Complete Complete
MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.
1198 CVE-2013-7286 326 2020-02-12 2021-07-28
5.0
None Remote Low Not required Partial None None
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm
1199 CVE-2013-7173 120 Overflow 2020-02-13 2020-02-20
10.0
None Remote Low Not required Complete Complete Complete
Belkin n750 routers have a buffer overflow.
1200 CVE-2013-7109 20 2020-02-20 2020-03-10
4.4
None Local Medium Not required Partial Partial Partial
OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE
Total number of vulnerabilities: 1395. Page 24 of 28.