Export limit exceeded: 363715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363715 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4627 | 1 Rsa | 1 Web Threat Detection | 2025-04-12 | 8.8 High |
| SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-4628 | 1 Emc | 1 Isilon Insightiq | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4629 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference. | ||||
| CVE-2014-4630 | 1 Dell | 2 Bsafe Micro-edition-suite, Bsafe Ssl-j | 2025-04-12 | N/A |
| EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | ||||
| CVE-2014-4631 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-12 | N/A |
| RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | ||||
| CVE-2014-4632 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-12 | N/A |
| VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. | ||||
| CVE-2014-4633 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4634 | 1 Emc | 2 Appsync, Replication Manager | 2025-04-12 | N/A |
| Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | ||||
| CVE-2014-4635 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4636 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. | ||||
| CVE-2014-4637 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | ||||
| CVE-2014-4638 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-4639 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. | ||||
| CVE-2014-4643 | 1 Coreftp | 1 Core Ftp | 2025-04-12 | N/A |
| Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command. | ||||
| CVE-2014-4644 | 1 Cacti | 1 Superlinks | 2025-04-12 | N/A |
| SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2014-4645 | 1 Dlink | 1 Dsl-2760u-e1 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. | ||||
| CVE-2014-4646 | 1 Foxitsoftware | 1 Foxit Pdf Sdk Dll | 2025-04-12 | N/A |
| Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-4647 | 1 Embarcadero | 1 Er\/studio Data Architect | 2025-04-12 | N/A |
| Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-4648 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure." | ||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | ||||