Search

Search Results (366877 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3951 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
CVE-2013-5476 1 Cisco 1 Ios 2025-04-11 N/A
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.
CVE-2012-2859 2 Google, Linux 2 Chrome, Linux Kernel 2025-04-11 N/A
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2846 2 Google, Linux 2 Chrome, Linux Kernel 2025-04-11 N/A
Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.
CVE-2013-7292 1 Vasco 1 Identikey Authentication Server 2025-04-11 N/A
VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password.
CVE-2014-1673 1 Checkpoint 1 Session Authentication Agent 2025-04-11 N/A
Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.
CVE-2014-1680 1 Bandisoft 1 Bandizip 2025-04-11 N/A
Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
CVE-2014-1683 1 Skybluecanvas 1 Skybluecanvas 2025-04-11 N/A
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
CVE-2014-1694 1 Otrs 1 Otrs 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.
CVE-2014-1696 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2014-1697 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
CVE-2014-1698 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.
CVE-2014-1699 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
CVE-2014-1833 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
CVE-2014-1837 1 Stackideas 1 Komento 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."
CVE-2014-1861 1 Jetroplatforms 1 Jetro Cockpit Secure Browsing 2025-04-11 N/A
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.
CVE-2014-1869 2 Redhat, Zeroclipboard Project 2 Openshift, Zeroclipboard 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
CVE-2014-1870 2 Apple, Opera 2 Mac Os X, Opera Browser 2025-04-11 N/A
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.
CVE-2014-1876 2 Oracle, Redhat 5 Openjdk, Enterprise Linux, Network Satellite and 2 more 2025-04-11 N/A
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
CVE-2014-1879 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.