CNA 2014

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

FFmpeg: 24
Gimmie Plugin: 3
yanheven console: 2
saxman maps-js-icoads: 2
vicamo NetworkManager: 2

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 108
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 0

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 1
Unproven: 24
Not Defined: 84

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 0
Adjacent: 46
Network: 63

When approaching a vulnerability, it becomes important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 3
Low: 75
None: 31

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 24
None: 85

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 5
≤4: 23
≤5: 10
≤6: 59
≤7: 6
≤8: 5
≤9: 1
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 8
<2k: 77
<5k: 24
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA
259628 | namithjawahar Wp-Insert cross site scripting | VulDB | VulDB | 04/07/2024 | 04/07/2024 | CVE-2014-125111 | accepted
258781 | wp-file-upload Plugin wfu_ajaxactions.php wfu_ajax_action_callback cross site scripting | VulDB | VulDB | 03/30/2024 | 03/30/2024 | CVE-2014-125110 | accepted
248956 | BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting | VulDB | VulDB | 12/24/2023 | 01/18/2024 | CVE-2014-125109 | accepted
248849 | w3c online-spellchecker-py spellchecker cross site scripting | VulDB | VulDB | 12/22/2023 | 01/18/2024 | CVE-2014-125108 | accepted
248270 | Corveda PHPSandbox String protection mechanism | VulDB | VulDB | 12/17/2023 | 01/12/2024 | CVE-2014-125107 | accepted
230659 | Broken Link Checker Plugin Settings Page core.php options_page cross site scripting | VulDB | VulDB | 06/03/2023 | 06/30/2023 | CVE-2014-125105 | accepted
230263 | VaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload | VulDB | VulDB | 05/30/2023 | 06/24/2023 | CVE-2014-125104 | accepted
230155 | BestWebSoft Twitter Plugin twitter.php twttr_settings_page cross site scripting | VulDB | VulDB | 05/29/2023 | 06/21/2023 | CVE-2014-125103 | accepted
230113 | Bestwebsoft Relevant Plugin Thumbnail information disclosure | VulDB | VulDB | 05/28/2023 | 06/21/2023 | CVE-2014-125102 | accepted
230085 | Portfolio Gallery Plugin sql injection | VulDB | VulDB | 05/27/2023 | 06/21/2023 | CVE-2014-125101 | accepted
227764 | BestWebSoft Job Board Plugin cross site scripting | VulDB | VulDB | 04/30/2023 | 05/24/2023 | CVE-2014-125100 | accepted
226309 | I Recommend This Plugin dot-irecommendthis.php sql injection | VulDB | VulDB | 04/18/2023 | 05/09/2023 | CVE-2014-125099 | accepted
225356 | Dart http_server Directory Listing virtual_directory.dart VirtualDirectory cross site scripting | VulDB | VulDB | 04/08/2023 | 04/26/2023 | CVE-2014-125098 | accepted
225354 | BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting | VulDB | VulDB | 04/08/2023 | 04/26/2023 | CVE-2014-125097 | accepted
225349 | Fancy Gallery Plugin Options Page class.options.php cross site scripting | VulDB | VulDB | 04/08/2023 | 04/26/2023 | CVE-2014-125096 | accepted
225320 | BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render cross site scripting | VulDB | VulDB | 04/07/2023 | 04/26/2023 | CVE-2014-125095 | accepted
225001 | phpMiniAdmin cross site scripting | VulDB | VulDB | 04/05/2023 | 04/22/2023 | CVE-2014-125094 | accepted
222610 | Ad Blocking Detector Plugin ad-blocking-detector.php information disclosure | VulDB | VulDB | 03/08/2023 | 04/01/2023 | CVE-2014-125093 | accepted
222323 | MaxButtons Plugin maxbuttons-button.php maxbuttons_strip_px cross site scripting | VulDB | VulDB | 03/04/2023 | 03/31/2023 | CVE-2014-125092 | accepted
222268 | codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection | VulDB | VulDB | 03/03/2023 | 03/31/2023 | CVE-2014-125091 | accepted
222262 | Media Downloader Plugin getfile.php dl_file_resumable cross site scripting | VulDB | VulDB | 03/03/2023 | 03/31/2023 | CVE-2014-125090 | accepted
221497 | cention-chatserver InternalChatProtocol.fe _formatBody cross site scripting | VulDB | VulDB | 02/19/2023 | 03/23/2023 | CVE-2014-125089 | accepted
221488 | qt-users-jp silk header.qml cross site scripting | VulDB | VulDB | 02/18/2023 | 03/23/2023 | CVE-2014-125088 | accepted
221480 | java-xmlbuilder xml external entity reference | VulDB | VulDB | 02/18/2023 | 03/23/2023 | CVE-2014-125087 | accepted
220207 | Gimmie Plugin trigger_login.php sql injection | VulDB | VulDB | 02/04/2023 | 03/05/2023 | CVE-2014-125086 | accepted
220206 | Gimmie Plugin trigger_ratethread.php sql injection | VulDB | VulDB | 02/04/2023 | 03/05/2023 | CVE-2014-125085 | accepted
220205 | Gimmie Plugin trigger_referral.php sql injection | VulDB | VulDB | 02/04/2023 | 03/05/2023 | CVE-2014-125084 | accepted
218911 | Anant Labs google-enterprise-connector-dctm sql injection | VulDB | VulDB | 01/18/2023 | 02/15/2023 | CVE-2014-125083 | accepted
218464 | nivit redports model.py sql injection | VulDB | VulDB | 01/17/2023 | 02/09/2023 | CVE-2014-125082 | accepted
218459 | risheesh debutsav sql injection | VulDB | VulDB | 01/17/2023 | 02/09/2023 | CVE-2014-125081 | accepted
218398 | frontaccounting faplanet path traversal | VulDB | VulDB | 01/15/2023 | 02/07/2023 | CVE-2014-125080 | accepted
218356 | agy pontifex.http Http.coffee sql injection | VulDB | VulDB | 01/14/2023 | 02/07/2023 | CVE-2014-125079 | accepted
218354 | yanheven console horizon.instances.js cross site scripting | VulDB | VulDB | 01/14/2023 | 02/07/2023 | CVE-2014-125078 | accepted
218351 | pointhi searx_stats cron.php sql injection | VulDB | VulDB | 01/14/2023 | 02/07/2023 | CVE-2014-125077 | accepted
218022 | NoxxieNl Criminals roulette.php sql injection | VulDB | VulDB | 01/11/2023 | 02/04/2023 | CVE-2014-125076 | accepted
218021 | gmail-servlet Model.java search sql injection | VulDB | VulDB | 01/11/2023 | 02/04/2023 | CVE-2014-125075 | accepted
218005 | Nayshlok Voyager DatabaseAccess.java sql injection | VulDB | VulDB | 01/11/2023 | 02/01/2023 | CVE-2014-125074 | accepted
217790 | mapoor voteapp app.py show_refresh sql injection | VulDB | VulDB | 01/10/2023 | 01/31/2023 | CVE-2014-125073 | accepted
217719 | CherishSin klattr sql injection | VulDB | VulDB | 01/09/2023 | 01/30/2023 | CVE-2014-125072 | accepted
217716 | lukehutch Gribbit HttpRequestHandler.java messageReceived missing origin validation in websockets | VulDB | VulDB | 01/09/2023 | 01/30/2023 | CVE-2014-125071 | accepted
217651 | yanheven console tables.py AvailabilityZonesTable cross site scripting | VulDB | VulDB | 01/08/2023 | 01/30/2023 | CVE-2014-125070 | accepted
217644 | saxman maps-js-icoads exposure of information through directory listing | VulDB | VulDB | 01/08/2023 | 01/30/2023 | CVE-2014-125069 | accepted
217643 | saxman maps-js-icoads http-server.js path traversal | VulDB | VulDB | 01/08/2023 | 01/30/2023 | CVE-2014-125068 | accepted
217639 | corincerami curiosity image_controller.rb sql injection | VulDB | VulDB | 01/08/2023 | 01/30/2023 | CVE-2014-125067 | accepted
217636 | emmflo yuko-bot denial of service | VulDB | VulDB | 01/08/2023 | 01/30/2023 | CVE-2014-125066 | accepted
217632 | john5223 bottle-auth sql injection | VulDB | VulDB | 01/07/2023 | 01/30/2023 | CVE-2014-125065 | accepted
217631 | elgs gosqljson gosqljson.go ExecDb sql injection [False-Positive] | VulDB | VulDB | 01/07/2023 | 02/21/2023 | CVE-2014-125064 | revoked
217625 | ada-l0velace Bid sql injection | VulDB | VulDB | 01/07/2023 | 01/30/2023 | CVE-2014-125063 | accepted
217621 | ananich bitstorm announce.php sql injection | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125062 | accepted
217616 | peel filebroker common.rb select_transfer_status_desc sql injection | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125061 | accepted
217614 | holdennb CollabCal calenderServer.cpp handleGet improper authentication | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125060 | accepted
217613 | sternenseemann sternenblog main.c blog_index file inclusion | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125059 | accepted
217607 | LearnMeSomeCodes project3 search.rb search_first_name sql injection | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125058 | accepted
217599 | mrobit robitailletheknot CSRF Token filters.php comparison | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125057 | accepted
217598 | Pylons horus services.py timing discrepancy | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125056 | accepted
217596 | agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125055 | accepted
217594 | koroket RedditOnRails Vote access control | VulDB | VulDB | 01/07/2023 | 01/29/2023 | CVE-2014-125054 | accepted
217582 | Piwigo-Guest-Book Navigation Bar guestbook.inc.php sql injection | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125053 | accepted
217571 | JervenBolleman sparql-identifiers RegistryDao.java sql injection | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125052 | accepted
217564 | himiklab yii2-jqgrid-widget JqGridAction.php addSearchOptionsRecursively sql injection | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125051 | accepted
217562 | ScottTZhang voter-js main.js sql injection | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125050 | accepted
217560 | typcn Blogile server.js getNav sql injection | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125049 | accepted
217559 | kassi xingwall oauth.js session fixiation | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125048 | accepted
217557 | tbezman school-store sql injection | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125047 | accepted
217551 | Seiji42 cub-scout-tracker databaseAccessFunctions.js sql injection | VulDB | VulDB | 01/06/2023 | 01/29/2023 | CVE-2014-125046 | accepted
217525 | meol1 index.php GetAnimal sql injection | VulDB | VulDB | 01/05/2023 | 01/29/2023 | CVE-2014-125045 | accepted
217515 | soshtolsus wing-tight index.php file inclusion | VulDB | VulDB | 01/05/2023 | 01/29/2023 | CVE-2014-125044 | accepted
217514 | vicamo NetworkManager nm-device.c send_arps return value [False-Positive] | VulDB | VulDB | 01/05/2023 | 02/27/2023 | CVE-2014-125043 | revoked
217513 | vicamo NetworkManager nm_setting_vlan_add_priority_str release of resource [False-Positive] | VulDB | VulDB | 01/05/2023 | 02/27/2023 | CVE-2014-125042 | revoked
217486 | Miccighel PR-CWT sql injection | VulDB | VulDB | 01/05/2023 | 01/28/2023 | CVE-2014-125041 | accepted
217484 | stevejagodzinski DevNewsAggregator RemoteHtmlContentDataAccess.php getByName sql injection | VulDB | VulDB | 01/05/2023 | 01/28/2023 | CVE-2014-125040 | accepted
217352 | kkokko NeoXplora Trainer cross site scripting | VulDB | VulDB | 01/04/2023 | 01/28/2023 | CVE-2014-125039 | accepted
217192 | IS_Projecto2 NewsBean.java sql injection | VulDB | VulDB | 01/02/2023 | 01/27/2023 | CVE-2014-125038 | accepted
217191 | License to Kill injury.rb sql injection | VulDB | VulDB | 01/02/2023 | 01/27/2023 | CVE-2014-125037 | accepted
217190 | drybjed ansible-ntp main.yml amplification | VulDB | VulDB | 01/02/2023 | 01/27/2023 | CVE-2014-125036 | accepted
217189 | Jobs-Plugin cross site scripting | VulDB | VulDB | 01/02/2023 | 01/27/2023 | CVE-2014-125035 | accepted
217183 | stiiv contact_app View.php render cross site scripting | VulDB | VulDB | 01/02/2023 | 01/26/2023 | CVE-2014-125034 | accepted
217178 | rails-cv-app uploaded_files_controller.rb path traversal | VulDB | VulDB | 01/02/2023 | 01/26/2023 | CVE-2014-125033 | accepted
217177 | porpeeranut go-with-me add.php sql injection | VulDB | VulDB | 01/02/2023 | 01/26/2023 | CVE-2014-125032 | accepted
217176 | kirill2485 TekNet loggedin.php cross site scripting | VulDB | VulDB | 01/02/2023 | 01/26/2023 | CVE-2014-125031 | accepted
217154 | taoeffect Empress hard-coded password | VulDB | VulDB | 01/01/2023 | 01/26/2023 | CVE-2014-125030 | accepted
217150 | ttskch PaginationServiceProvider Demo index.php sql injection | VulDB | VulDB | 12/31/2022 | 01/26/2023 | CVE-2014-125029 | accepted
217148 | valtech IDP Test Client main.py cross-site request forgery | VulDB | VulDB | 12/31/2022 | 01/26/2023 | CVE-2014-125028 | accepted
217147 | Yuna Scatari TBDev usersearch.php get_user_icons cross site scripting | VulDB | VulDB | 12/31/2022 | 01/26/2023 | CVE-2014-125027 | accepted
13428 | Cardo Systems Scala Rider Q3 Cardo-Updater api privileges management | VulDB | VulDB | 06/03/2014 | 05/24/2022 | CVE-2014-125001 | accepted
12588 | FFmpeg dnxhdenc.c dnxhd_init_rc memory corruption | VulDB | VulDB | 03/13/2014 | 06/17/2022 | CVE-2014-125002 | accepted
12587 | FFmpeg jpeg2000dec.c get_siz memory corruption | VulDB | VulDB | 03/13/2014 | 06/17/2022 | CVE-2014-125003 | accepted
12586 | FFmpeg vmnc.c decode_hextile memory corruption | VulDB | VulDB | 03/13/2014 | 06/17/2022 | CVE-2014-125004 | accepted
12585 | FFmpeg mpeg4videodec.c decode_vol_header memory corruption | VulDB | VulDB | 03/13/2014 | 06/17/2022 | CVE-2014-125005 | accepted
12584 | FFmpeg h264.c output_frame memory corruption | VulDB | VulDB | 03/13/2014 | 06/17/2022 | CVE-2014-125006 | accepted
12583 | FFmpeg hevcpred_template.c intra_pred memory corruption | VulDB | VulDB | 03/13/2014 | 06/17/2022 | CVE-2014-125007 | accepted
12582 | FFmpeg oggparsevorbis.c vorbis_header memory corruption | VulDB | VulDB | 03/13/2014 | 06/17/2022 | CVE-2014-125008 | accepted
12393 | FFmpeg snow.h add_yblock memory corruption | VulDB | VulDB | 02/24/2014 | 06/17/2022 | CVE-2014-125009 | accepted
12392 | FFmpeg h64.c decode_slice_header memory corruption | VulDB | VulDB | 02/24/2014 | 06/17/2022 | CVE-2014-125010 | accepted
12391 | FFmpeg ansi.c decode_frame integer coercion | VulDB | VulDB | 02/24/2014 | 06/17/2022 | CVE-2014-125011 | accepted
12390 | FFmpeg dxtroy.c integer coercion | VulDB | VulDB | 02/24/2014 | 06/17/2022 | CVE-2014-125012 | accepted
12389 | FFmpeg msrle.c msrle_decode_frame memory corruption | VulDB | VulDB | 02/24/2014 | 06/17/2022 | CVE-2014-125013 | accepted
12367 | FFmpeg HEVC Video Decoder memory corruption | VulDB | VulDB | 02/22/2014 | 06/17/2022 | CVE-2014-125014 | accepted
12366 | FFmpeg read_var_block_data memory corruption | VulDB | VulDB | 02/22/2014 | 06/17/2022 | CVE-2014-125015 | accepted
12365 | FFmpeg utils.c ff_init_buffer_info memory corruption | VulDB | VulDB | 02/22/2014 | 06/17/2022 | CVE-2014-125016 | accepted

9 more entries are not shown
