Search Results (9530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4078 1 Microsoft 1 Internet Information Services 2025-04-12 N/A
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."
CVE-2016-9837 1 Joomla 1 Joomla\! 2025-04-12 N/A
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.
CVE-2014-4367 1 Apple 1 Iphone Os 2025-04-12 N/A
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
CVE-2014-4368 1 Apple 1 Iphone Os 2025-04-12 N/A
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
CVE-2013-6770 2 Google, Koushik Dutta 2 Android, Superuser 2025-04-12 N/A
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
CVE-2013-6775 2 Chainfire, Google 2 Supersu, Android 2025-04-12 N/A
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.
CVE-2014-4621 1 Emc 1 Documentum Content Server 2025-04-12 N/A
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
CVE-2014-4624 1 Avamar Virtual Edition 4 6.0, 6.0.402, 7.0 and 1 more 2025-04-12 N/A
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.
CVE-2014-4683 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-12 N/A
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
CVE-2014-4684 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-12 N/A
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
CVE-2014-4685 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-12 N/A
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
CVE-2014-4757 1 Ibm 1 Content Collector 2025-04-12 N/A
The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function.
CVE-2014-4759 1 Ibm 1 Business Process Manager 2025-04-12 N/A
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.
CVE-2014-4817 1 Ibm 1 Tivoli Storage Manager 2025-04-12 N/A
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.
CVE-2014-0002 2 Apache, Redhat 9 Camel, Fuse Esb Enterprise, Fuse Management Console and 6 more 2025-04-12 N/A
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-0005 1 Redhat 6 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 3 more 2025-04-12 N/A
PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.
CVE-2014-0107 3 Apache, Oracle, Redhat 15 Xalan-java, Webcenter Sites, Enterprise Linux and 12 more 2025-04-12 N/A
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
CVE-2014-0113 1 Apache 1 Struts 2025-04-12 N/A
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
CVE-2014-5015 2 Eterna, Netbsd 2 Bozohttpd, Netbsd 2025-04-12 N/A
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
CVE-2014-5031 3 Apple, Canonical, Redhat 3 Cups, Ubuntu Linux, Enterprise Linux 2025-04-12 N/A
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.