Search Results (26329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3775 1 Libgadu 1 Libgadu 2025-04-12 N/A
libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
CVE-2014-0865 1 Ibm 2 Algo Credit Limits, Algorithmics 2025-04-12 N/A
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations.
CVE-2014-0871 1 Ibm 2 Algo Credit Limits, Algorithmics 2025-04-12 N/A
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.
CVE-2013-5760 1 Qnap 2 Photo Station, Photo Station Firmware 2025-04-12 N/A
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
CVE-2014-2899 1 Yassl 1 Cyassl 2025-04-12 N/A
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.
CVE-2014-3941 1 Typo3 1 Typo3 2025-04-12 N/A
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
CVE-2014-0919 1 Ibm 1 Db2 2025-04-12 N/A
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
CVE-2014-0946 1 Ibm 1 Operational Decision Manager 2025-04-12 N/A
The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.
CVE-2011-4103 1 Djangoproject 1 Piston 2025-04-12 N/A
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
CVE-2011-4104 1 Djangoproject 1 Tastypie 2025-04-12 N/A
The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
CVE-2014-0954 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
CVE-2011-4367 1 Apache 1 Myfaces 2025-04-12 7.5 High
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
CVE-2014-0995 1 Sap 1 Netweaver 2025-04-12 N/A
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.
CVE-2014-0999 1 Sendio 1 Sendio 2025-04-12 N/A
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
CVE-2004-2771 4 Bsd Mailx Project, Heirloom, Oracle and 1 more 4 Bsd Mailx, Mailx, Linux and 1 more 2025-04-12 N/A
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
CVE-2013-6043 1 Softaculous 1 Webuzo 2025-04-12 N/A
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
CVE-2014-10026 1 Dlink 2 Dap-1360, Dap-1360 Firmware 2025-04-12 N/A
index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.
CVE-2014-3087 1 Ibm 2 Business Process Manager, Websphere Application Server 2025-04-12 N/A
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-3092 1 Ibm 7 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 4 more 2025-04-12 N/A
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2014-3095 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2025-04-12 N/A
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.