Search

Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2955 1 Raritan 2 Dpxr20a-16, Px 2025-04-12 N/A
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
CVE-2014-2956 1 Avg 2 Safeguard, Secure Search Toolbar 2025-04-12 N/A
ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.
CVE-2014-2967 1 Autodesk 1 Vred 2025-04-12 N/A
Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.
CVE-2014-2957 1 Exim 1 Exim 2025-04-12 N/A
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
CVE-2014-2959 2 Dell, Quantum 4 Powervault Ml6000, Powervault Ml6000 Firmware, Scalar I500 and 1 more 2025-04-12 N/A
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.
CVE-2014-2962 1 Belkin 2 N150 F9k1009, N150 F9k1009 Firmware 2025-04-12 N/A
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CVE-2014-2963 1 Liferay 1 Liferay Portal 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.
CVE-2014-2964 1 Cobham 2 Aviator 700d, Aviator 700e 2025-04-12 N/A
Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line.
CVE-2014-2965 1 Spamtitan 1 Spamtitan 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.
CVE-2014-2966 1 Caucho 1 Resin 2025-04-12 N/A
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
CVE-2014-2968 1 Huawei 3 E355, E355 Firmware, E355 Web Ui 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.
CVE-2014-2969 1 Netgear 2 Gs108pe, Gs108pe Firmware 2025-04-12 N/A
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
CVE-2014-2971 1 Micropact 1 Icomplaints 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.
CVE-2014-2972 1 Exim 1 Exim 2025-04-12 N/A
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
CVE-2014-2974 1 Silver-peak 1 Vx 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVE-2014-2975 1 Silver-peak 1 Vx 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
CVE-2014-2976 1 Sixnet 1 Sixview Manager 2025-04-12 N/A
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
CVE-2014-2977 3 Directfb, Opensuse, Suse 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more 2025-04-12 N/A
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
CVE-2014-2978 3 Directfb, Opensuse, Suse 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
CVE-2014-2980 1 Gnustep 1 Base 2025-04-12 N/A
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.