Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0646 1 Apple 1 Iphone Os 2025-04-11 N/A
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
CVE-2011-4051 1 Indusoft 1 Web Studio 2025-04-11 N/A
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
CVE-2012-1382 2 Google, Netease 2 Android, Youdao Dictionary 2025-04-11 N/A
Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) application 1.6.1, 2.0.1(2), and 3.0.0(1) for Android has unknown impact and attack vectors.
CVE-2012-1383 2 Google, Netease 2 Android, Netease Reader 2025-04-11 N/A
Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors.
CVE-2011-1148 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
CVE-2014-1673 1 Checkpoint 1 Session Authentication Agent 2025-04-11 N/A
Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.
CVE-2014-1680 1 Bandisoft 1 Bandizip 2025-04-11 N/A
Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
CVE-2014-1681 1 Google 1 Chrome 2025-04-11 N/A
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."
CVE-2014-1683 1 Skybluecanvas 1 Skybluecanvas 2025-04-11 N/A
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
CVE-2014-1694 1 Otrs 1 Otrs 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.
CVE-2014-1696 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2014-1697 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
CVE-2014-1698 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.
CVE-2014-1699 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
CVE-2014-1833 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
CVE-2014-1837 1 Stackideas 1 Komento 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."
CVE-2014-1861 1 Jetroplatforms 1 Jetro Cockpit Secure Browsing 2025-04-11 N/A
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.
CVE-2014-1869 2 Redhat, Zeroclipboard Project 2 Openshift, Zeroclipboard 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
CVE-2014-1870 2 Apple, Opera 2 Mac Os X, Opera Browser 2025-04-11 N/A
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.
CVE-2014-1876 2 Oracle, Redhat 5 Openjdk, Enterprise Linux, Network Satellite and 2 more 2025-04-11 N/A
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.