Search

Search Results (363341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2340 1 Xcloner 1 Xcloner 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.
CVE-2014-2382 1 Faronics 1 Deep Freeze 2025-04-12 N/A
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.
CVE-2014-2383 1 Dompdf 1 Dompdf 2025-04-12 N/A
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
CVE-2014-2385 1 Sophos 1 Anti-virus 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure.
CVE-2014-2388 1 Blackberry 5 Blackberry Os, Q10, Q5 and 2 more 2025-04-12 N/A
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.
CVE-2014-2390 1 Mcafee 1 Network Security Manager 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.
CVE-2014-2391 1 Open-xchange 1 Open-xchange Appsuite 2025-04-12 N/A
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.
CVE-2014-2095 1 Catfish Project 1 Catfish 2025-04-12 N/A
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.
CVE-2014-1746 1 Google 1 Chrome 2025-04-12 N/A
The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.
CVE-2014-1747 1 Google 1 Chrome 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."
CVE-2014-1748 1 Google 1 Chrome 2025-04-12 N/A
The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.
CVE-2014-1749 1 Google 1 Chrome 2025-04-12 N/A
Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2014-1750 1 Nokia Maps \& Places Project 1 Nokia Maps \& Places 2025-04-12 N/A
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate.
CVE-2014-1751 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1755.
CVE-2014-1752 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-1753 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-1754 1 Microsoft 4 Office Web Apps Server, Sharepoint Foundation, Sharepoint Server and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
CVE-2014-1755 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1751.
CVE-2014-1756 1 Microsoft 1 Office 2025-04-12 N/A
Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Microsoft Office Chinese Grammar Checking Vulnerability."
CVE-2014-1757 1 Microsoft 2 Office Compatibility Pack, Word 2025-04-12 N/A
Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."