LiveActive security incident?Get immediate response
CVE archive

August 2014

Browse CVE records published in August 2014, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 527 matching CVEs · Page 1 of 11.

Critical · CVSS 9.3

CVE-2014-125113: Dell/Quest KACE K1000 Unauthenticated File Upload RCE

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths.

Published Aug 5, 2025 · Updated May 14, 2026

High · CVSS 7.5

CVE-2014-5399: Schneider Electric Wonderware SQL Injection

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published Aug 28, 2014 · Updated Oct 31, 2025

Low · CVSS 2.1

CVE-2014-5398: Schneider Electric Wonderware Input Validation

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published Aug 28, 2014 · Updated Oct 31, 2025

High · CVSS 7.5

CVE-2014-5397: Schneider Electric Wonderware Cross-site Scripting

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published Aug 28, 2014 · Updated Oct 31, 2025

Medium · CVSS 4.7

CVE-2014-0762: CG Automation ePAQ-9410 Substation Gateway Improper Input Validation

The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must be restarted manually to clear the condition.

Published Aug 28, 2014 · Updated Sep 19, 2025

Unknown · CVSS Not scored

CVE-2014-5182: Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated use...

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

Published Aug 6, 2014 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2014-5346: Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for Wor...

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php.

Published Aug 19, 2014 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2014-5350: Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote atta...

Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.

Published Aug 19, 2014 · Updated Sep 16, 2024