CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2014(Bypass)

Columns per entry: # | CVE ID | CWE ID | # of Exploits (shown only where one is listed) | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Access Complexity | Authentication | Conf./Integ./Avail.

51 | CVE-2014-6387 | CWE-287 | Bypass | 2014-10-22 | 2014-10-23 | 5.0 | None | Remote | Low | Not required | None/Partial/None
    gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

52 | CVE-2014-6379 | CWE-287 | Bypass | 2014-10-14 | 2017-09-07 | 7.5 | None | Remote | Low | Not required | Partial/Partial/Partial
    Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors.

53 | CVE-2014-6368 | CWE-20 | Bypass | 2014-12-10 | 2018-10-12 | 4.3 | None | Remote | Medium | Not required | None/Partial/None
    Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

54 | CVE-2014-6365 | CWE-20 | XSS Bypass | 2014-12-10 | 2018-10-12 | 4.3 | None | Remote | Medium | Not required | None/Partial/None
    Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328.

55 | CVE-2014-6355 | CWE-200 | Bypass +Info | 2014-12-10 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | Partial/None/None
    The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability."

56 | CVE-2014-6339 | CWE-264 | Bypass | 2014-11-11 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None/Partial/None
    Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

57 | CVE-2014-6328 | CWE-20 | XSS Bypass | 2014-12-10 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None/Partial/None
    Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365.

58 | CVE-2014-6318 | CWE-287 | Bypass | 2014-11-11 | 2019-05-14 | 4.3 | None | Remote | Medium | Not required | None/Partial/None
    The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability."

59 | CVE-2014-6289 | CWE-264 | Bypass | 2014-10-03 | 2014-10-06 | 7.5 | None | Remote | Low | Not required | Partial/Partial/Partial
    The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.

60 | CVE-2014-6288 | CWE-264 | Bypass | 2014-10-03 | 2014-10-10 | 7.5 | None | Remote | Low | Not required | Partial/Partial/Partial
    The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.

61 | CVE-2014-6257 | CWE-264 | Bypass | 2014-12-15 | 2016-03-21 | 5.0 | None | Remote | Low | Not required | None/Partial/None
    Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.

62 | CVE-2014-6256 | CWE-264 | Bypass | 2014-12-15 | 2016-03-21 | 7.5 | None | Remote | Low | Not required | Partial/Partial/Partial
    Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386.

63 | CVE-2014-6230 | CWE-20 | Bypass | 2014-10-24 | 2014-10-27 | 4.3 | None | Remote | Medium | Not required | Partial/None/None
    WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

64 | CVE-2014-6186 | CWE-264 | Bypass | 2014-12-24 | 2017-09-07 | 4.0 | None | Remote | Low | Single system | None/Partial/None
    IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph.

65 | CVE-2014-6160 | CWE-264 | Bypass | 2014-12-28 | 2017-09-07 | 2.1 | None | Local | Low | Not required | None/Partial/None
    IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

66 | CVE-2014-6138 | CWE-200 | Bypass +Info | 2014-12-12 | 2017-09-07 | 4.0 | None | Remote | Low | Single system | Partial/None/None
    The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.

67 | CVE-2014-6116 | CWE-287 | Bypass | 2014-10-18 | 2017-09-07 | 4.3 | None | Remote | Medium | Not required | None/Partial/None
    The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.

68 | CVE-2014-6041 | CWE-264 | Bypass | 2014-09-02 | 2017-09-07 | 5.8 | None | Remote | Medium | Not required | Partial/Partial/None
    The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.

69 | CVE-2014-5318 | CWE-264 | Bypass | 2014-09-26 | 2017-01-06 | 5.8 | None | Remote | Medium | Not required | Partial/Partial/None
    The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

70 | CVE-2014-5300 | CWE-287 | 1 exploit | Exec Code Bypass | 2014-10-08 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | None/Partial/None
    Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.

71 | CVE-2014-5298 | CWE-264 | Bypass | 2014-10-09 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | None/None/Partial
    FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.

72 | CVE-2014-5269 | CWE-264 | Bypass +Info | 2014-09-04 | 2014-09-08 | 5.0 | None | Remote | Low | Not required | Partial/None/None
    Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.

73 | CVE-2014-5252 | CWE-255 | Bypass | 2014-08-25 | 2014-10-10 | 4.9 | None | Remote | Medium | Single system | Partial/Partial/None
    The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

74 | CVE-2014-5246 | CWE-264 | 1 exploit | Bypass | 2014-08-22 | 2017-09-07 | 10.0 | None | Remote | Low | Not required | Complete/Complete/Complete
    The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.

75 | CVE-2014-5206 | CWE-264 | Bypass | 2014-08-18 | 2017-01-06 | 7.2 | None | Local | Low | Not required | Complete/Complete/Complete
    The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

76 | CVE-2014-5205 | CWE-352 | Bypass CSRF | 2014-08-18 | 2014-11-13 | 6.8 | None | Remote | Medium | Not required | Partial/Partial/Partial
    wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

77 | CVE-2014-5204 | CWE-352 | Bypass CSRF | 2014-08-18 | 2015-11-25 | 6.8 | None | Remote | Medium | Not required | Partial/Partial/Partial
    wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.

78 | CVE-2014-5195 | CWE-362 | Bypass | 2014-08-07 | 2017-09-07 | 7.2 | None | Local | Low | Not required | Complete/Complete/Complete
    Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

79 | CVE-2014-5175 | CWE-287 | Bypass | 2014-07-31 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial/Partial/Partial
    The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.

80 | CVE-2014-5173 | CWE-264 | Bypass | 2014-07-31 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | Partial/None/None
    SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.

81 | CVE-2014-5033 | CWE-362 | Bypass | 2014-08-19 | 2014-10-16 | 6.9 | None | Local | Medium | Not required | Complete/Complete/Complete
    KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

82 | CVE-2014-5020 | CWE-264 | Bypass | 2014-07-22 | 2014-07-22 | 4.9 | None | Remote | Medium | Single system | Partial/Partial/None
    The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.

83 | CVE-2014-5015 | CWE-264 | Bypass | 2014-07-24 | 2017-08-28 | 5.0 | None | Remote | Low | Not required | Partial/None/None
    bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

84 | CVE-2014-4987 | CWE-264 | Bypass | 2014-07-20 | 2018-10-30 | 4.0 | None | Remote | Low | Single system | Partial/None/None
    server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

85 | CVE-2014-4844 | CWE-264 | Bypass | 2014-12-16 | 2017-08-28 | 6.5 | None | Remote | Low | Single system | Partial/Partial/Partial
    The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.

86 | CVE-2014-4817 | CWE-264 | Bypass | 2014-11-18 | 2017-08-28 | 2.1 | None | Local | Low | Not required | None/Partial/None
    The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.

87 | CVE-2014-4810 | CWE-264 | Bypass | 2014-11-05 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None/Partial/None
    IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff.

88 | CVE-2014-4802 | CWE-264 | Bypass +Info | 2014-10-07 | 2017-08-28 | 4.0 | None | Remote | Low | Single system | Partial/None/None
    The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.

89 | CVE-2014-4793 | CWE-264 | Bypass | 2014-10-01 | 2017-08-28 | 6.5 | None | Remote | Low | Single system | Partial/Partial/Partial
    IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.

90 | CVE-2014-4790 | CWE-264 | Bypass +Info | 2014-08-26 | 2017-08-28 | 4.9 | None | Remote | Medium | Single system | Partial/Partial/None
    IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

91 | CVE-2014-4786 | CWE-264 | Bypass +Info | 2014-09-10 | 2017-08-28 | 4.9 | None | Remote | Medium | Single system | Partial/Partial/None
    IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

92 | CVE-2014-4784 | CWE-264 | Bypass +Info | 2014-09-10 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None/Partial/None
    IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

93 | CVE-2014-4758 | CWE-264 | Bypass | 2014-09-04 | 2017-08-28 | 4.0 | None | Remote | Low | Single system | None/Partial/None
    IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

94 | CVE-2014-4757 | CWE-264 | Bypass | 2014-08-11 | 2017-08-28 | 2.1 | None | Local | Low | Not required | Partial/None/None
    The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function.

95 | CVE-2014-4725 | CWE-287 | Exec Code Bypass | 2014-07-27 | 2014-07-28 | 7.5 | None | Remote | Low | Not required | Partial/Partial/Partial
    The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

96 | CVE-2014-4668 | CWE-287 | Bypass | 2014-07-02 | 2017-01-02 | 6.8 | None | Remote | Medium | Not required | Partial/Partial/Partial
    The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

97 | CVE-2014-4655 | CWE-189 | DoS Overflow Bypass | 2014-07-03 | 2017-08-12 | 4.9 | None | Local | Low | Not required | None/None/Complete
    The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

98 | CVE-2014-4631 | CWE-287 | Bypass | 2014-12-08 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | None/Partial/None
    RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.

99 | CVE-2014-4622 | CWE-264 | +Priv Bypass | 2014-09-17 | 2017-08-28 | 7.1 | None | Remote | High | Single system | Complete/Complete/Complete
    EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors.

100 | CVE-2014-4621 | CWE-264 | Bypass | 2014-09-17 | 2017-08-28 | 8.5 | None | Remote | Medium | Single system | Complete/Complete/Complete
    EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
Total number of vulnerabilities: 457 (this listing is page 2 of 10).