Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3996 1 Manageengine 3 Desktop Central, It360, Password Manager Pro 2025-04-12 N/A
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.
CVE-2014-3997 1 Zohocorp 2 Manageengine It360, Manageengine Password Manager Pro 2025-04-12 N/A
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
CVE-2014-4002 2 Cacti, Opensuse 2 Cacti, Opensuse 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.
CVE-2014-4003 1 Sap 1 Netweaver 2025-04-12 N/A
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
CVE-2014-4004 1 Sap 1 Project System 2025-04-12 N/A
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4005 1 Sap 1 Brazil 2025-04-12 N/A
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4006 1 Sap 1 Oil Industry Solution Traders And Schedulers Workbench 2025-04-12 N/A
The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4007 1 Sap 1 Upgrade Tools 2025-04-12 N/A
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4008 1 Sap 1 Web Services Tool 2025-04-12 N/A
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4009 1 Sap 1 Computing Center Management System Monitoring 2025-04-12 N/A
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4010 1 Sap 1 Transaction Data Pool 2025-04-12 N/A
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4011 1 Sap 1 Capacity Leveling 2025-04-12 N/A
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4012 1 Sap 1 Open Hub Service 2025-04-12 N/A
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4013 1 Arubanetworks 1 Clearpass 2025-04-12 N/A
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-4014 1 Linux 1 Linux Kernel 2025-04-12 N/A
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
CVE-2014-4017 1 Conversionninja 1 Conversion Ninja 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.
CVE-2014-4018 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2025-04-12 N/A
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4020 1 Wireshark 1 Wireshark 2025-04-12 N/A
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2014-4021 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-12 N/A
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
CVE-2014-4022 1 Xen 1 Xen 2025-04-12 N/A
The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.