LiveActive security incident?Get immediate response
CVE archive

July 2014

Browse CVE records published in July 2014, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 698 matching CVEs · Page 2 of 14.

Unknown · CVSS Not scored

CVE-2014-4717: Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before...

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.

Published Jul 3, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2014-5016: Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers...

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality.

Published Jul 21, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2014-5104: Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL...

Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.

Published Jul 28, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2014-4718: Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers...

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.

Published Jul 3, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2014-5101: Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitra...

Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php.

Published Jul 25, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2014-5113: Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allo...

Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter.

Published Jul 28, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2014-10374: On Fitbit activity-tracker devices, certain addresses never change.

On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low Energy (BLE) advertising packets with a TxAdd flag indicating random addresses, but the addresses remain constant. If devices come within BLE range at one or more locations where an adversary has set up passive sniffing, the adversary can determine whether the same device has entered one of these locations.

Published Jul 15, 2019 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9789: The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in...

The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9778: The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm compon...

The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9786: Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qu...

Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9795: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not prope...

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9799: The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits...

The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9798: platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices d...

platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.

Published Jul 11, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9790: drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013)...

drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.

Published Jul 11, 2016 · Updated Aug 6, 2024