Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2259 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2025-04-12 N/A
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.
CVE-2014-2260 1 Ajenti 1 Ajenti 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.
CVE-2014-2262 1 Sas 1 Base Sas 2025-04-12 N/A
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.
CVE-2014-2265 2 Rocklobster, Wordpress 2 Contact Form 7, Wordpress 2025-04-12 N/A
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
CVE-2014-2268 1 Vtiger 1 Vtiger Crm 2025-04-12 N/A
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
CVE-2014-2269 1 Vtiger 1 Vtiger Crm 2025-04-12 N/A
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
CVE-2014-2270 6 Canonical, Debian, File Project and 3 more 7 Ubuntu Linux, Debian Linux, File and 4 more 2025-04-12 N/A
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2014-2273 1 Huawei 2 P2-6011, P2-6011 Firmware 2025-04-12 N/A
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.
CVE-2014-2640 1 Hp 1 System Management Homepage 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2276 1 Emc 1 Connectrix Manager 2025-04-12 N/A
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
CVE-2014-2278 1 Seeddms 1 Seeddms 2025-04-12 N/A
Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.
CVE-2014-2279 1 Seeddms 1 Seeddms 2025-04-12 N/A
Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278.
CVE-2014-2280 1 Seeddms 1 Seeddms 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2014-2284 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2025-04-12 N/A
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2014-2285 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2025-04-12 N/A
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.
CVE-2014-2286 2 Digium, Fedoraproject 3 Asterisk, Certified Asterisk, Fedora 2025-04-12 N/A
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
CVE-2014-2287 2 Digium, Fedoraproject 3 Asterisk, Certified Asterisk, Fedora 2025-04-12 N/A
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
CVE-2014-2288 1 Digium 1 Asterisk 2025-04-12 N/A
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.
CVE-2014-2289 1 Digium 1 Asterisk 2025-04-12 N/A
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
CVE-2014-2291 1 Juniper 1 Ive Os 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.