LiveActive security incident?Get immediate response
CVE archive

January 2014

Browse CVE records published in January 2014, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 895 matching CVEs · Page 3 of 18.

Medium · CVSS 5.5

CVE-2014-125040: stevejagodzinski DevNewsAggregator RemoteHtmlContentDataAccess.php getByName sql injection

A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.

Published Jan 5, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125052: JervenBolleman sparql-identifiers RegistryDao.java sql injection

A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The patch is named 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571.

Published Jan 6, 2023 · Updated Aug 6, 2024

Low · CVSS 2.6

CVE-2014-125055: agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596.

Published Jan 7, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125062: ananich bitstorm announce.php sql injection

A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability.

Published Jan 7, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125061: peel filebroker common.rb select_transfer_status_desc sql injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Jan 7, 2023 · Updated Aug 6, 2024

Low · CVSS 3.5

CVE-2014-125033: rails-cv-app uploaded_files_controller.rb path traversal

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.

Published Jan 2, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125075: gmail-servlet Model.java search sql injection

A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability.

Published Jan 11, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125051: himiklab yii2-jqgrid-widget JqGridAction.php addSearchOptionsRecursively sql injection

A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564.

Published Jan 6, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2014-125034: stiiv contact_app View.php render cross site scripting

A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named 67bec33f559da9d41a1b45eb9e992bd8683a7f8c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217183.

Published Jan 2, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2014-125039: kkokko NeoXplora Trainer cross site scripting

A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected by this issue is some unknown functionality of the component Trainer Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217352.

Published Jan 4, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125032: porpeeranut go-with-me add.php sql injection

A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The identifier of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability.

Published Jan 2, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125045: meol1 index.php GetAnimal sql injection

A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The identifier of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability.

Published Jan 5, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2014-125031: kirill2485 TekNet loggedin.php cross site scripting

A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is an unknown function of the file pages/loggedin.php. The manipulation of the argument statusentery leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 1c575340539f983333aa43fc58ecd76eb53e1816. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217176.

Published Jan 2, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2014-125035: Jobs-Plugin cross site scripting

A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability.

Published Jan 2, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125029: ttskch PaginationServiceProvider Demo index.php sql injection

A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability.

Published Jan 7, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125047: tbezman school-store sql injection

A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability.

Published Jan 6, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2014-125037: License to Kill injury.rb sql injection

A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The patch is named cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191.

Published Jan 2, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-100001: Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for Wo...

Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.

Published Jan 13, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-10398: Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client.

Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value.

Published Jan 3, 2020 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-10008: Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijac...

Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.

Published Jan 13, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9910: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious applica...

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710.

Published Jan 18, 2017 · Updated Aug 6, 2024