Search

Search Results (363284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2993 1 Birebin 1 Birebin.com App 2025-04-12 N/A
The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2994 1 Acunetix 1 Web Vulnerability Scanner 2025-04-12 N/A
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
CVE-2014-2995 1 Twitget Project 1 Twitget 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.
CVE-2014-2996 1 Xcloner 1 Xcloner 2025-04-12 N/A
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579.
CVE-2014-3000 1 Freebsd 1 Freebsd 2025-04-12 N/A
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.
CVE-2014-3001 1 Freebsd 1 Freebsd 2025-04-12 N/A
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.
CVE-2014-3004 3 Castor Project, Opensuse, Opensuse Project 3 Castor, Opensuse, Opensuse 2025-04-12 N/A
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
CVE-2014-3006 1 Sitepark 1 Information Enterprise Server 2025-04-12 N/A
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
CVE-2014-3007 2 Python, Pythonware 2 Pillow, Python Imaging Library 2025-04-12 N/A
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
CVE-2014-3008 1 Unitrends 1 Enterprise Backup 2025-04-12 N/A
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
CVE-2014-3009 1 Ibm 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management 2025-04-12 N/A
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.
CVE-2014-3010 1 Ibm 1 Websphere Service Registry And Repository 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-3011 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors.
CVE-2014-3012 1 Ibm 1 Curam Social Program Management 2025-04-12 N/A
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.
CVE-2014-3013 1 Ibm 1 Curam Social Program Management 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.
CVE-2014-3014 1 Ibm 1 Sametime 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-3015 1 Ibm 1 Sametime Proxy Server And Web Client 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-3018 1 Ibm 4 Sas Connectivity Module, Sas Connectivity Module Firmware, Sas Raid Module and 1 more 2025-04-12 N/A
IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets.
CVE-2014-3019 1 Ibm 4 Sas Connectivity Module, Sas Connectivity Module Firmware, Sas Raid Module and 1 more 2025-04-12 N/A
IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session.
CVE-2014-3020 1 Ibm 2 Embedded Websphere Application Server, Tivoli Integrated Portal 2025-04-12 N/A
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.