Export limit exceeded: 363337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363337 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3778 1 Commscope 1 Arris Sbg901 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.
CVE-2014-3779 1 Zohocorp 1 Manageengine Adselfservice Plus 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.
CVE-2014-3780 1 Citrix 1 Vdi-in-a-box 2025-04-12 N/A
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
CVE-2014-3781 1 Dotclear 1 Dotclear 2025-04-12 N/A
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
CVE-2014-3782 1 Dotclear 1 Dotclear 2025-04-12 N/A
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
CVE-2014-3783 1 Dotclear 1 Dotclear 2025-04-12 N/A
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
CVE-2014-3786 1 Lucidcrew 1 Pixie 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.
CVE-2014-3788 1 Cogentdatahub 1 Cogent Datahub 2025-04-12 N/A
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.
CVE-2014-3789 1 Cogentdatahub 1 Cogent Datahub 2025-04-12 N/A
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-3790 1 Vmware 1 Vcenter Server Appliance 2025-04-12 N/A
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
CVE-2014-3791 1 Efssoft 1 Easy File Sharing Web Server 2025-04-12 N/A
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
CVE-2014-3793 1 Vmware 4 Esxi, Fusion, Player and 1 more 2025-04-12 N/A
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.
CVE-2014-3796 1 Vmware 2 Nsx, Vcloud Networking And Security 2025-04-12 N/A
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.
CVE-2014-3797 1 Vmware 1 Vcenter Server Appliance 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3800 1 Xbmc 1 Xbmc 2025-04-12 N/A
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.
CVE-2014-3801 2 Openstack, Redhat 2 Heat, Openstack 2025-04-12 N/A
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.
CVE-2014-3802 1 Microsoft 2 Debug Interface Access Software Development Kit, Visual Studio 2025-04-12 N/A
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
CVE-2014-3803 1 Google 1 Chrome 2025-04-12 N/A
The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.
CVE-2014-3804 1 Alienvault 1 Open Source Security Information Management 2025-04-12 N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
CVE-2014-3939 1 Autodesk 1 Sketchbook Pro 2025-04-12 N/A
Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.